project-onboard
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it ingests and processes data from the local file system that could be attacker-controlled.
- Ingestion points: Reads project-level files including `.claude/CLAUDE.md`, and multiple files within the `ai-context/` directory (SKILL.md).
- Boundary markers: Absent; the skill reads file contents and counts lines to determine state without utilizing delimiters to isolate untrusted data.
- Capability inventory: The skill utilizes `mem_context` and `mem_search` tools from the Engram MCP.
- Sanitization: Absent; the skill performs logic based on raw file content without sanitization or validation of the data ingested.
- [COMMAND_EXECUTION]: The skill recommends sequences of commands for the user to follow based on the project diagnosis.
- Evidence: Templates for "Recommended Command Sequence" are provided for various cases. However, the skill includes a strict rule: "Make no file-system changes — this skill is 100% read-only," which ensures these commands are not automatically executed.