ctx
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it reads the full content of external local documents into the agent's context without sanitization.
- Ingestion points: Reads documentation files from project directories or user-provided paths (documented in SKILL.md).
- Boundary markers: While the skill uses visual separators to delimit content, it lacks explicit system-level instructions to ignore any embedded commands or prompts within the loaded file.
- Capability inventory: This skill is designed for development agents which typically have broader capabilities such as file system access.
- Sanitization: No validation or sanitization is performed on the document body before it is presented to the agent.
Audit Metadata