requirements-clarification
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): The skill content is strictly instructional regarding requirements gathering and does not contain commands to bypass or ignore agent constraints.
- [Data Exposure & Exfiltration] (SAFE): No network access or data transmission logic is present. Tools are limited to Read, Grep, and Glob for project analysis.
- [Remote Code Execution] (SAFE): There are no scripts, package managers, or remote URLs referenced for execution.
- [Indirect Prompt Injection] (SAFE): The skill's primary function is to process user input to generate questions. Given the lack of destructive tools (write, delete, execute, or network), the surface for indirect injection is minimal and presents no actionable risk.
Audit Metadata