discover
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill is designed to ingest data from the local codebase to inform its discovery and analysis process.
- Ingestion points: The skill explicitly scans 'package.json', 'product-context.md', the '.agents/' directory, and 'CLAUDE.md' during its initial context-gathering phase.
- Boundary markers: The instructions lack explicit delimitation or 'ignore instructions' warnings when interpolating these external file contents into the agent's context.
- Capability inventory: The skill has access to 'Read', 'Grep', 'Glob', and 'Bash' tools, which provide the ability to read arbitrary files and execute shell commands based on the discovery logic.
- Sanitization: No sanitization or validation of the ingested codebase content is performed before it is added to the model's context.
Audit Metadata