tech-stack-research

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE, PROMPT_INJECTION, NO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface.
      • Ingestion points: Data enters the agent context through WebFetch and by reading files from the plans/ and team-artifacts/ directories.
      • Boundary markers: Delimiters and instructions to ignore embedded commands are absent from the prompt.
      • Capability inventory: The skill utilizes Write, Edit, WebFetch, and TaskCreate tools.
      • Sanitization: There is no evidence of sanitization or validation of the external data being processed.
  • [NO_CODE]: The skill is composed entirely of markdown instructions without any associated scripts or executable code.
  • [SAFE]: The skill enforces human-in-the-loop validation by requiring the use of AskUserQuestion at every decision point and for validating recommendations before implementation.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 08:38 AM