tech-design-doc

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill performs legitimate documentation tasks using standard file operations (Read, Write, Glob, Grep). It gathers context from the project and writes to designated documentation directories. No sensitive system files or credentials are targeted.
  • [PROMPT_INJECTION]: The skill processes untrusted codebase content to inform design documentation, creating a surface for indirect prompt injection.
      1. Ingestion points: Codebase files read via Glob, Grep, and Read in SKILL.md.
      2. Boundary markers: Absent.
      3. Capability inventory: Read, Write, Glob, and Grep.
      4. Sanitization: Absent.
    This surface is inherent to the documentation task and is not accompanied by high-risk tools such as network exfiltration or code execution.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 24, 2026, 03:17 PM