onboard

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill performs legitimate documentation tasks using local file access only. No suspicious patterns, such as obfuscation, persistence, or network requests, were found.
  • [PROMPT_INJECTION]: Technical analysis of indirect prompt injection surface: (1) Ingestion points: Files such as CLAUDE.md, .claude/agents/, and source code directories are read for summarization. (2) Boundary markers: None are present in the output document template. (3) Capability inventory: The skill is restricted to Read, Glob, Grep, and Write tools. (4) Sanitization: Content summarized from external files is not validated or sanitized before being written to the onboarding guide. This surface is inherent to documentation tasks and is assessed as safe.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 11:07 PM