onboarding
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by incorporating untrusted user input into downstream file operations.
  - Ingestion points: User input for project names and discovery responses is collected via AskUserQuestion and $ARGUMENTS in SKILL.md.
  - Boundary markers: Absent; the skill does not use delimiters or explicit instructions to isolate user input from file templates.
  - Capability inventory: The skill uses Read, Write, and Glob tools for file manipulation across the projects/ directory.
  - Sanitization: Absent; user-provided project names are directly interpolated into file paths (e.g., projects//onboarding.md), potentially allowing for directory traversal vulnerabilities if the underlying tool implementation does not provide protection.
- [SAFE]: No malicious obfuscation, hardcoded credentials, remote code execution, or unauthorized network activity was detected in the skill logic or metadata.
Audit Metadata