ce-onboarding
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill contains logic to send the generated ONBOARDING.md content to an external endpoint (https://www.proofeditor.ai/share/markdown) via a POST request if the user selects the 'Share to Proof' option. This transmits synthesized project information and repository structure to a third-party service.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it reads and analyzes various untrusted files from the repository (README, source code, config files) to generate documentation without using boundary markers or explicit instructions to ignore embedded commands.
- Ingestion points: Multiple repository source and configuration files such as README.md, entry points, and route handlers.
- Boundary markers: Absent; the agent reads files directly into context without specific delimiters or isolation.
- Capability inventory: File system access (read/write), local script execution (node), and network access (curl).
- Sanitization: Absent; the content of analyzed files is processed directly to generate descriptive prose.
Audit Metadata