copyright-docs
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted source code as its primary data source, creating a vulnerability surface for indirect prompt injection.\n
- Ingestion points: Project source code files accessed via user-defined metadata paths (e.g.,
src/).\n - Boundary markers: Absent; source code content is processed by subagents without the use of isolation delimiters or explicit instructions to ignore embedded commands.\n
- Capability inventory: The skill has permissions to write to the local file system and execute subagent tasks using the
Tasktool.\n - Sanitization: There is no evidence of sanitization or filtering of comments or metadata within the ingested source code.\n- [Dynamic Execution] (LOW): The skill assembles subagent prompts at runtime using predefined templates.\n
- Evidence: The subagent prompts are dynamically constructed in
phases/01.5-project-exploration.mdusing the framework provided intemplates/agent-base.md.\n- [Command Execution] (SAFE): The skill usesBashfor directory initialization and ripgrep (rg) for code discovery. These operations are limited to the local environment and are standard for the intended primary purpose of code analysis and documentation.
Audit Metadata