prd
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is designed to 'explore codebase' to understand patterns and constraints, creating a surface for indirect prompt injection if the processed files contain malicious instructions.
- Ingestion points: Project codebase files (referenced in SKILL.md, Workflow step 3).
- Boundary markers: Absent; no delimiters or instructions are provided to the agent to treat external codebase content as untrusted data.
- Capability inventory: File-write capability to the project root (SKILL.md, Workflow step 4).
- Sanitization: Absent; the agent is expected to directly interpret and follow patterns found in analyzed files without a sanitization layer.
Audit Metadata