now-how
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
PROMPT_INJECTION, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes content from untrusted source files and documentation while maintaining file-writing capabilities.
  - Ingestion points: The skill reads project root files such as HOW.md, WHY.md, and README.md, as well as arbitrary source files identified during architectural mapping (SKILL.md).
  - Boundary markers: No explicit delimiters or instructions to ignore embedded prompts are provided for the agent when reading or processing the content of the codebase files.
  - Capability inventory: The skill is capable of performing recursive codebase exploration, reading full file contents, and creating or overwriting Markdown documentation files (SKILL.md).
  - Sanitization: The instructions do not define any sanitization, filtering, or validation steps for the data retrieved from the source files before it is used for documentation updates.
- [NO_CODE]: This skill consists solely of instructional documentation (Markdown) and does not contain any executable scripts, binaries, or automated command execution logic.
Audit Metadata