solo-setup
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from project files to generate output.
- Ingestion points: Reads content from
CLAUDE.md,docs/prd.md,package.json,pyproject.toml,Makefile, and various linter configuration files. - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used when reading these files.
- Capability inventory: The skill has access to
Bash(for directory creation),Write, andEdittools. - Sanitization: No sanitization or validation of the ingested text is performed before it is used to generate the
docs/workflow.mdfile. - [COMMAND_EXECUTION]: Executes a simple shell command (
mkdir -p docs) to ensure the target directory exists. This is a standard operation for the skill's purpose and is performed within the project scope.
Audit Metadata