design-tracker
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection as it ingests untrusted user conversation and writes it to a persistent file.
- Ingestion points: Reads from active user conversation and the
.claude/docs/DESIGN.mdfile. - Boundary markers: Absent; there are no specific instructions to ignore malicious commands embedded in the discussion when recording decisions.
- Capability inventory: Limited to reading and writing a specific documentation file (
.claude/docs/DESIGN.md). - Sanitization: Content is extracted and written to the markdown file without explicit sanitization or validation of the input.
- [NO_CODE]: The skill is composed entirely of natural language instructions and does not include any executable scripts, shell commands, or external dependencies.
Audit Metadata