developer-onboarding-30-60-90
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW / SAFE
Full Analysis
- Indirect Prompt Injection (LOW): The skill has an inherent surface for indirect prompt injection as it ingests user-supplied data to generate onboarding documents.
  - Ingestion points: User input for hire name, role, and level processed in SKILL.md.
  - Boundary markers: Absent; user data is directly interpolated into the template.
  - Capability inventory: Internal influence only; includes local scripts (scripts/validate-plan.py, scripts/generate-calendar.py) for validation and local calendar file generation.
  - Sanitization: No sanitization or validation of the input data is defined in the instructions.
Audit Metadata