onboard
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted external data and persisting it into agent instructions.
- Ingestion points: In Phase 2, the skill reads content from external sources including PRD files, API specifications, and project management tickets (GitHub/Linear/Jira).
- Boundary markers: The skill utilizes HTML comment markers (e.g., <!-- helpmetest:start v1 -->) to delimit its injected instructions in files like CLAUDE.md, which helps with identification but does not filter the content of the ingested data for malicious directives.
- Capability inventory: The skill is designed to write directly to persistent agent instruction files (CLAUDE.md, AGENTS.md, SOUL.md), allowing any malicious instructions found in project documentation to be embedded into the agent's long-term behavior guidelines.
- Sanitization: The instructions lack explicit requirements for sanitizing or validating the content extracted from external documentation before it is written to the agent's persistent instruction set.
Audit Metadata