onboard
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by processing untrusted data from the codebase.
  - Ingestion points: All files within the codebase during the 'thorough exploration' phase.
  - Boundary markers: None; there are no instructions to ignore embedded prompts or delimit external content.
  - Capability inventory: File system read (exploration) and file system write (recording onboarding data to .claude/tasks/[TASK_ID]/onboarding.md).
  - Sanitization: None; the skill does not specify filtering or sanitizing the content it reads.
- [COMMAND_EXECUTION]: The skill encourages an exhaustive search ('Overdoing it is better than underdoing it'), which may lead the agent to access sensitive local files if they are present in the directory being explored. This includes potential exposure of environment variables, configuration files, or local secrets during the contextual analysis.
Audit Metadata