impl-tracking
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements a workflow for indirect prompt injection via tracking documents and session logs.
- Ingestion points: The skill instructs the agent to read and follow instructions from external files including implementation tracking documents,
plan-next-session.md, andsession-reportXML files (refer to sections 'How Agents Use Tracking Documents' and 'Work Queue Handoff'). - Boundary markers: The skill template does not provide boundary markers or instructions for the agent to distinguish between its own previous records and potentially malicious instructions embedded in the data files by third parties.
- Capability inventory: The methodology is intended for agents with the capability to create/modify files and execute implementation tasks, meaning injected instructions in a tracking document could lead to unauthorized code changes or command execution.
- Sanitization: There is no evidence of content sanitization or validation of the tracking documents before they are parsed for task prioritization and execution logic.
Audit Metadata