workflow-project-intake

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [Data Exposure & Exfiltration] (SAFE): The skill manages project metadata but explicitly instructs the agent to redact sensitive content like tokens and secrets from its logs. No unauthorized network operations or credential exfiltration patterns were found.
  • [Indirect Prompt Injection] (LOW): The skill processes untrusted user input (brainstorming ideas) and interacts with repository content. While it lacks explicit XML boundary markers for this data in the prompt instructions, it implements a mandatory 'Checkpoint Protocol' requiring explicit human confirmation before any write operation with external side effects is executed, effectively mitigating potential injection risks.
  • [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill references external tools such as 'supabase', 'stripe', and 'workflow-ship-faster', which are standard internal skill dependencies. It does not perform dynamic downloads (e.g., curl | bash) or install unverified packages.
  • [Privilege Escalation] (SAFE): The instructions do not contain any commands to elevate permissions, such as sudo, or modify system-level configurations.
  • [Command Execution] (SAFE): All file system operations are constrained to the project directory (runs/ or openspec/) and follow a predefined schema for tasks and context.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:38 PM