solo-legal

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the processing of project-specific files.
    • Ingestion points: The skill reads docs/prd.md, CLAUDE.md, and stack configuration files (templates/stacks/{stack}.yaml). These files are external to the skill and could potentially contain malicious instructions.
    • Boundary markers: The instructions do not define clear delimiters or warnings for the agent to ignore embedded instructions within the project files.
    • Capability inventory: The skill uses Read, Grep, and Glob for discovery and Write to create files in the legal/ directory. While limited to the filesystem, these capabilities could be misused if the agent obeys instructions found within the analyzed project data.
    • Sanitization: There is no evidence of sanitization or validation of the content read from the project files before it is used to populate templates.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Mar 10, 2026, 03:47 PM