ideation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [NO_CODE] (SAFE): This skill consists entirely of markdown instructions and YAML metadata. There are no Python scripts, Node.js packages, or shell commands present in the skill definition.
- [DATA_EXPOSURE] (SAFE): The agent is instructed to write project details to standard documentation files (PLANNING.md, TASK.md, AI_MEMORY.md). This behavior is explicitly defined by the skill's purpose and does not involve accessing sensitive system files or credentials.
- [PROMPT_INJECTION] (LOW): While the skill processes user input to define project concepts, it does not possess high-risk capabilities such as network access or arbitrary command execution. The risk of indirect prompt injection is minimal and confined to the content of the generated project files. Evidence: 1. Ingestion points: User input during project discovery questions. 2. Boundary markers: Absent. 3. Capability inventory: Updating local markdown files. 4. Sanitization: Absent.
Audit Metadata