dor-gate
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill uses emphatic instructional language (e.g., "MANDATORY IMPORTANT MUST") to strictly enforce its internal workflow, task management, and evidence requirements. This is an operational reliability pattern rather than an attempt to bypass safety guidelines.\n- [PROMPT_INJECTION]: The skill presents an attack surface for Indirect Prompt Injection due to the processing of untrusted PBI data.\n
- Ingestion points: PBI files located in "team-artifacts/pbis/" (SKILL.md)\n
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the processing logic.\n
- Capability inventory: The skill utilizes "TaskCreate" for task management and "AskUserQuestion" for user validation (SKILL.md).\n
- Sanitization: No input validation or sanitization is performed on the ingested PBI content.\n- [DATA_EXFILTRATION]: The skill is configured to read from specific local file system paths, including "team-artifacts/pbis/" for input and ".claude/skills/shared/refinement-dor-checklist-protocol.md" for configuration. This constitutes a data exposure surface for project-related information, although no network exfiltration was detected.
Audit Metadata