skills/bear2u/my-skills/workthrough/Gen Agent Trust Hub

workthrough

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill has an attack surface for indirect prompt injection because it reads and analyzes all modified files in the repository to generate documentation.
      • Ingestion points: All files modified during a session as identified in SKILL.md.
      • Boundary markers: Absent; the instructions do not provide delimiters or warnings to ignore embedded instructions in the analyzed source code.
      • Capability inventory: The agent is granted file-read access to the workspace, file-write access to the workthrough directory, and the ability to execute shell commands for build and test verification.
      • Sanitization: Absent; code and logs are interpolated directly into markdown files.
  • [Command Execution] (SAFE): The skill instructs the agent to execute build and test commands (such as pnpm build and pnpm test) to collect verification results. While this executes code modified during the session, it is a standard development workflow and the primary intended purpose of the skill.
  • [Data Exposure] (LOW): The skill documents configuration and code changes systematically. There is a risk that sensitive data, such as API keys or environment variables added to configuration files during development, could be accidentally captured and mirrored in the generated documentation files.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:08 PM