go
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill utilizes basic shell commands like
lsandheadon predefined documentation paths to understand project structure, posing no risk to the system.\n- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface because it reads and processes data from external files and APIs.\n - Ingestion points: Files like
docs/vision.mdanddocs/arc/progress.md, and Linear issue data are read into the agent's context.\n - Boundary markers: None; the ingested data is not encapsulated within safety delimiters to prevent instruction override.\n
- Capability inventory: The skill can execute shell commands for file reading and invoke other workspace skills based on its analysis.\n
- Sanitization: There is no filtering or sanitization of the text retrieved from the codebase or issue tracker before it is processed.
Audit Metadata