hillchart
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Surface for indirect prompt injection exists due to the processing of untrusted external data.
- Ingestion points: The skill reads project-specific files such as
plan.md,shaping.md, andtasks/*.md, as well as Pull Request bodies and titles viagh pr viewoutput. - Boundary markers: The prompt does not define delimiters or specific instructions to the agent to disregard instructions found within the project files or PR descriptions.
- Capability inventory: The skill utilizes file system access (reading code and writing to
hillchart-history.md) and executes GitHub CLI commands (gh pr list,gh pr view) to aggregate data. - Sanitization: No sanitization or filtering is applied to the content retrieved from external sources before it is processed for status signals.
Audit Metadata