hej
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality of reading and summarizing external data.
- Ingestion points: The skill reads multiple project-scoped artifacts (
VISION.md,TODO.md,CHANGELOG.md,PLAN.md,HEALTH.md,OBJECTIVE.md,EXPERIMENTS.md,DOCS.md,DESIGN.md) and a globalPROFILE.md(located via environment variables like$XDG_DATA_HOME). - Boundary markers: There are no explicit delimiters or instructions provided to the agent to ignore potentially malicious directions embedded within these files.
- Capability inventory: The skill is strictly limited to orientation and routing. It contains explicit safety rails preventing it from executing implementation work, modifying artifacts, or performing network operations, which significantly mitigates the potential impact of an injection.
- Sanitization: The instructions do not describe any sanitization, filtering, or validation of the content read from project artifacts before it is incorporated into the session briefing.
Audit Metadata