rfc
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Potential indirect prompt injection surface identified through untrusted file processing.
- Ingestion points: The skill reads from local project files such as RFCs (docs/rfcs/*.md), research artifacts, and Architecture Decision Records (ADRs) to gather context for updates and reviews (WORKFLOW.md).
- Boundary markers: The skill does not use explicit delimiters or instructions to isolate document content from agent logic, potentially allowing embedded instructions to influence the agent.
- Capability inventory: The skill can write to the file system and delegate tasks to a sub-agent (doc:rfc-critic) which is granted Bash access to verify claims made in documents. This combination could be exploited if malicious content is processed.
- Sanitization: No sanitization or content validation is performed on the data extracted from the documents.
Audit Metadata