parent-project-skills
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection Surface: The skill is designed to discover and process content from external files such as SKILL.md and AGENTS.md found in parent directories. * Ingestion points: Files located at ../../.opencode/skills/*/SKILL.md and ../../AGENTS.md are read into the agent context in SKILL.md. * Boundary markers: While the skill provides a policy-based information boundary to prevent data leakage, there are no structural delimiters or 'ignore' instructions provided specifically for the data being read. * Capability inventory: The agent uses the Read tool to access these files and is instructed to incorporate the discovered context into its reasoning. * Sanitization: No explicit sanitization or validation of the external file content is performed before processing.
- File System Navigation: The skill directs the agent to traverse the directory structure upwards (using ../../) to locate a parent project root and specific configuration files. This behavior is used to establish project context but involves accessing files outside the immediate working directory.
- Behavioral Directives: The skill uses emphatic language and markers like 'CRITICAL' and 'MUST' to establish a safety policy regarding information boundaries. These instructions are designed to prevent the accidental disclosure of internal architecture details in public repositories.
Audit Metadata