solo-metrics-track

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from project-specific files and reflects that content in generated documentation.
      • Ingestion points: The skill reads the PRD and CLAUDE.md files in Step 1 to extract project features and stack information.
      • Boundary markers: There are no boundary markers or instructions provided to the agent to ignore potentially malicious instructions embedded within the PRD or CLAUDE.md files.
      • Capability inventory: The skill possesses the 'Write' capability, which it uses to create the 'docs/metrics-plan.md' file based on the ingested data.
      • Sanitization: No sanitization, escaping, or validation steps are defined for the data extracted from the project files before it is interpolated into the final metrics plan.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 11:12 AM