onboard
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No malicious instructions or bypass attempts detected in the prompt logic. The instructions are purely functional for data aggregation.
- [Data Exposure & Exfiltration] (SAFE): The skill reads from defined project context directories (
.context/,.agents/). There are no network operations, and it does not target sensitive system paths like SSH keys or environment secrets. - [Indirect Prompt Injection] (LOW): The skill processes data from local files which could be manipulated by an attacker to influence the AI's behavior.
- Ingestion points:
.context/project.md,.context/stack.md,.context/architecture.md,.context/conventions.md, and files in.context/specs/. - Boundary markers: Absent; content is interpolated directly into the dashboard template without explicit delimiters or safety instructions.
- Capability inventory: No destructive capabilities; the skill explicitly states it is non-destructive and only reads files.
- Sanitization: None detected for the ingested file content.
- [Command Execution] (SAFE): While the skill mentions 'running' validation, the implementation context and the 'Non-destructive' guarantee indicate this refers to checking existing file states or outputs from other tools rather than arbitrary shell execution.
- [Obfuscation] (SAFE): No encoded strings, homoglyphs, or hidden characters were found in the skill file.
Audit Metadata