platonic-init
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill's 'Recovery Init' mode creates a surface for indirect prompt injection by design.
- Ingestion points: During the 'Scan Project' phase, the agent reads user-controlled files including READMEs, build configuration files (e.g., package.json, Cargo.toml), and source code files across the entire project tree.
- Boundary markers: The operation guides for scanning and recovery do not define delimiters or specific 'ignore embedded instructions' warnings to prevent the LLM from following malicious commands hidden in the scanned project files.
- Capability inventory: The skill has permissions to read the entire local codebase and write new markdown files (RFCs and implementation guides) back to the filesystem.
- Sanitization: There is no evidence of content validation, escaping, or sanitization of the data extracted from the scanned files before it is used to populate the Draft RFC templates.
Audit Metadata