preflight

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill reads the contents of local repository files which could potentially contain adversarial instructions designed to influence the agent's behavior.
      • Ingestion points: Reads .claude/rules/lessons.md, STATUS.md, and DECISIONS.md.
      • Boundary markers: None present; the agent treats the file content as raw context without delimiters or instructions to ignore embedded commands.
      • Capability inventory: Basic file system read access (cat) and local git repository status checks (git status).
      • Sanitization: None; file contents are processed directly as part of the prompt context.
  • [Data Exposure] (SAFE): The skill accesses local project documentation files. While this exposes file content to the LLM context, no network exfiltration patterns or sensitive credential paths (like .ssh or .aws) were detected.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:26 PM