drift-analysis
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes external and potentially untrusted project data to generate synthesized reports.
- Ingestion points: Data is collected from GitHub issues, pull requests, and documentation files like README.md and PLAN.md.
- Boundary markers: The templates and analysis instructions do not use delimiters or instructions to ignore embedded commands within the processed data.
- Capability inventory: The skill uses ingested data to create prioritized reconstruction plans and drift reports, which could be manipulated by content within the source files.
- Sanitization: No sanitization or validation logic is specified for the ingested content prior to LLM analysis.
Audit Metadata