but-why
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No malicious prompt injection patterns were detected. The skill uses natural instructional language to define agent workflows for documentation tasks.
- [DATA_EXFILTRATION]: No sensitive file paths, hardcoded credentials, or network operations were found. The skill only interacts with non-sensitive project documentation files such as WHY.md and HOW.md.
- [REMOTE_CODE_EXECUTION]: The skill does not perform any external downloads or execute remote scripts. It contains no code execution patterns like eval() or subprocess calls.
- [INDIRECT_PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection. Ingestion points: reads existing WHY.md and design/ files. Boundary markers: absent. Capability inventory: reading and writing local markdown files. Sanitization: absent. The risk is considered negligible as the workflow mandates explicit owner approval and manual review of all content.
- [PRIVILEGE_ESCALATION]: No privilege escalation patterns, such as sudo or chmod commands, were found.
- [PERSISTENCE_MECHANISMS]: No attempts to establish persistence through shell profiles or startup scripts were detected.
Audit Metadata