tech-debt
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection.
  - Ingestion points: Codebase files containing comments like TODO, FIXME, or HACK (scanned via Grep and Read tools).
  - Boundary markers: Absent. The skill does not provide delimiters or instructions to the agent to treat scanned content as data only.
  - Capability inventory: Read, Glob, Grep, and Write.
  - Sanitization: Absent. Findings are directly categorized and written to the 'docs/tech-debt-register.md' file without validation.