cacos
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill consists entirely of markdown documentation, persona definitions, and workflow templates. There are no scripts, binaries, or installation commands provided within the skill files.
- [PROMPT_INJECTION]: The skill describes workflows that ingest and process external, untrusted project data, creating a surface for indirect prompt injection. 1. Ingestion points: Input data for Technical Translator, Creation Engine, and Website Development tasks (SKILL.md). 2. Boundary markers: Absent; handoff templates and workflow instructions do not include delimiters or specific guidance to ignore instructions embedded in the project data. 3. Capability inventory: The skill references high-privilege environments including the Claude Code CLI, Task tool, and MCP Servers for file and system operations. 4. Sanitization: Absent; no validation, escaping, or filtering of external content is defined in the workflow logic.
Audit Metadata