shape
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection as it is designed to ingest and 'study' untrusted Pitch documents provided by users.
- Ingestion points: The agent reads an attached Pitch document end-to-end and searches the local repository (Step 1).
- Boundary markers: The instructions do not specify any markers or 'ignore' constraints to separate data from instructions within the Pitch document.
- Capability inventory: The skill is limited to reading files (codebase) and writing a markdown file (projects/.../shaping.md). No network communication, subprocess execution, or administrative capabilities are present.
- Sanitization: No explicit sanitization or content validation is performed on the data extracted from the Pitch before it is written to the new markdown file.
- [DATA_EXPOSURE]: The skill requires access to the codebase to identify implementation paths (models, controllers, services). This is the intended primary purpose of the skill and does not involve exfiltrating data to external sources.
- [COMMAND_EXECUTION]: No dangerous command execution, shell spawning, or script execution patterns were detected in the skill definition.
Audit Metadata