c3-provision
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- PROMPT_INJECTION (SAFE): The routing instructions (e.g., 'DO NOT use this skill if...') are functional logic for the orchestrator to ensure the correct tool is used, not attempts to bypass security filters or override agent constraints.
- DATA_EXPOSURE (SAFE): The skill reads internal architectural documentation within the .c3/ directory to synthesize design decisions. It does not access sensitive system files (e.g., SSH keys, credentials) or environment variables.
- COMMAND_EXECUTION (SAFE): While the skill instructs the agent to use mkdir -p for directory management, these operations are scoped to the project's local documentation folder. There are no patterns for executing arbitrary or malicious system commands.
- INDIRECT_PROMPT_INJECTION (SAFE): The skill processes existing local documentation as a reference for new designs. While this technically constitutes an ingestion surface, the risk is negligible as the skill's capabilities are limited to generating markdown-based documentation and ADRs, with no side-effects or code execution phases.
- UNVERIFIABLE_DEPENDENCIES (SAFE): The skill does not download or execute external scripts, packages, or remote code. It relies entirely on internal templates and local file operations.
Audit Metadata