blueprint-status
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious behavior or security vulnerabilities detected. The skill functions as a local documentation auditing tool.
- [COMMAND_EXECUTION]: Employs Bash for file system discovery and metadata filtering using grep and wc. These operations are restricted to read-only access of local project documentation.
- [DATA_EXFILTRATION]: Collects project metadata for display in the agent output. There is no evidence of network activity or data transmission to external domains.
- [PROMPT_INJECTION]: The skill ingests untrusted data from local project files (manifest.json, docs/prds/.md, docs/adrs/.md). Ingestion points: Project manifest and documentation directories; Boundary markers: Absent; Capability inventory: Bash (grep/wc), Read, Glob, AskUserQuestion; Sanitization: Absent. The risk is considered minimal as the skill performs structured metadata extraction rather than instruction execution.
Audit Metadata