pm

Pass

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: SAFE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection as it ingests untrusted local data from the project codebase and documentation to generate its analysis. An attacker could potentially influence the agent's output by placing malicious instructions within README.md or source code comments.
  • Ingestion points: Processes project documentation (README.md, CLAUDE.md) and repository source code using Read and Grep tools.
  • Boundary markers: The skill does not define explicit boundary markers or instructions for the agent to ignore embedded commands in the ingested content.
  • Capability inventory: Includes the ability to write files to the local filesystem (Write tool), though this is gated by user confirmation in the conversational workflow.
  • Sanitization: No specific sanitization or escaping of external file content is implemented before it is processed by the AI models.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 26, 2026, 10:55 AM