name-project
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) as it automatically ingests data from external project files to determine its naming strategies and context.
- Ingestion points: Processes content from
README,package.json, documentation files, and various configuration files during the 'Context Discovery' phase (SKILL.md). - Boundary markers: Absent. The instructions do not define delimiters or provide warnings to the agent to ignore potential instructions embedded within the files it scans.
- Capability inventory: The skill allows the use of web searches, registry checks (npm, GitHub), and any other available tools to perform research and validation.
- Sanitization: Absent. No filtering or validation is performed on the data read from local files before it is used to influence the agent's output.
- [DATA_EXFILTRATION]: The skill combines local file access with network operations, creating a potential path for data exposure.
- Sensitive Access: The agent is instructed to scan
config filesfor descriptive metadata. Depending on the environment, this could lead to the inspection of sensitive configuration or environment data. - Network Operations: The skill performs a "silent research pass" and "Collision Clearance" checks against external domains (npm, GitHub, and general web searches) using information derived from the project context.
Audit Metadata