route-init
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and summarizes untrusted data from the repository during its initialization workflow.
- Ingestion points: The agent is instructed to perform "directed code scans" on source code, entry points, and configuration files (SKILL.md, Step 2).
- Boundary markers: Absent; there are no instructions to use delimiters or guidelines to ignore instructions embedded within the code being scanned.
- Capability inventory: The skill has file system write access to create and modify documentation files in the
docs/routespec/directory (SKILL.md, Step 3/4). - Sanitization: No sanitization or validation of the scanned content is described before it is interpolated into the documentation templates.
Audit Metadata