domain-context
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE | NO_CODE | PROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill is composed entirely of Markdown documentation, procedural guidelines, and templates. There are no executable scripts, binary files, or configuration files that execute code at runtime.
- [SAFE]: The protocol implements human-in-the-loop governance. The AI is explicitly instructed to never auto-modify files and must instead present 'Proposed Domain Updates' for the user to review and apply manually, preventing silent data corruption or manipulation.
- [SAFE]: The installation command `npx skills add customware-ai/skills` references a package repository associated with the skill's author ('customware-ai'), representing a standard vendor-provided installation method.
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill's primary function is to ingest and trust content from project files (`DOMAIN.md`), which could be used to influence AI behavior if the files are modified by an external actor.
  - Ingestion points: Reads `DOMAIN.md` from the project root and supplementary markdown files within the `docs/domain/` directory.
  - Boundary markers: Absent. The instructions do not define specific delimiters or 'ignore' commands for the content within the ingested domain files.
  - Capability inventory: The skill allows the agent to read file contents and propose structured text for file updates.
  - Sanitization: Absent. There is no specified validation or filtering for the business terminology or rules imported from the domain files.
Audit Metadata