legal
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) by ingesting untrusted content from the user's codebase to inform its generation process.
- Ingestion points: The skill performs a comprehensive scan of codebase files in Step 2, including source code, database schemas (e.g., Prisma, Drizzle), and documentation (e.g., docs/progress.md).
- Boundary markers: There are no explicit instructions or delimiters defined to ensure the agent ignores or isolates potential instructions embedded within the files it reads during the project detection phase.
- Capability inventory: The agent utilizes file reading tools and has the capability to generate and suggest the creation of new project files (Step 5) based on the scanned data.
- Sanitization: No sanitization or validation logic is specified for the data extracted from the codebase before it is interpolated into the legal document templates in Step 4.
Audit Metadata