project-workflow-analysis-blueprint-generator
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates the analysis of external, untrusted codebases, which presents an indirect prompt injection surface. Malicious commands hidden in the codebase could be interpreted as instructions by the agent performing the analysis.
- Ingestion points:
SKILL.md(Initial Detection Phase) directs agents to examine the entire codebase structure, including API controllers, repository implementations, and UI components. - Boundary markers: There are no protective delimiters or specific instructions to ignore natural language commands found within the source code files.
- Capability inventory: The skill is designed for use with agents possessing file-system read access.
- Sanitization: There is no evidence of filtering or sanitization of the content read from the codebase.
- [NO_CODE]: The skill consists exclusively of markdown documentation and prompt templates with no scripts or executable binaries, which limits the potential for direct system compromise.
Audit Metadata