audit-skill-lifecycle
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) through its deep semantic analysis of external plugin files.\n
- Ingestion points: Skill directories, agent files, command files, reference documents, and data files (JSON, YAML, Markdown) parsed during the Discovery phase in SKILL.md.\n
- Boundary markers: Absent; the skill workflow does not specify the use of delimiters or 'ignore' instructions to isolate the content of audited files from the agent's logic.\n
- Capability inventory: The skill performs extensive file system reads across the plugin structure and writes audit artifacts, reports, and recommendations to the '.claude/audits/' directory.\n
- Sanitization: Absent; there is no evidence of instruction filtering, validation, or escaping of the parsed content before it is analyzed by the model.
Audit Metadata