docs
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes external, potentially untrusted data from the codebase.
- Ingestion points: Reads project manifest files (package.json, pyproject.toml, etc.), configuration files (.env.example, Dockerfile), and technical documentation files within the `docs/` directory.
- Boundary markers: No boundary markers or "ignore embedded instructions" warnings are used when reading and processing these file contents.
- Capability inventory: The skill can write new files (README.md, CLAUDE.md, AGENT.md), modify existing documentation files in `docs/`, and execute local git commands.
- Sanitization: No sanitization, escaping, or validation of the ingested file content is performed before it influences the agent's output and file-writing actions.
- [COMMAND_EXECUTION]: The skill executes standard system commands to gather project metadata.
- Evidence: Runs `git log --oneline -10` and `git remote -v` to analyze project history and origin.
Audit Metadata