tech-debt
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface. The skill is designed to ingest data from external sources such as 'Code reviews and PR comments' and 'Incident post-mortems'. If this data contains malicious instructions, they could influence the agent's reasoning or summary generation.
- Ingestion points: Reads
data/engineering/tech_debt.jsonwhich aggregates external content. - Boundary markers: No boundary markers or instructions to ignore embedded commands are present when processing external text.
- Capability inventory: File system read (multiple JSON files) and file system write (
data/engineering/tech_debt.json). - Sanitization: No sanitization or validation logic is specified for the ingested technical debt descriptions.
- [DATA_EXPOSURE] (LOW): Sensitive Information Access. The skill reads
data/cfo/latest_forecast.json. While no network exfiltration is present in the skill instructions, the inclusion of financial data in the context of a tool that processes untrusted external comments creates a risk of accidental data disclosure through the agent's response.
Audit Metadata