start-discussion
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes content from files in docs/workflow/research/ to identify discussion themes and questions.
  - Ingestion points: Multiple markdown files in docs/workflow/research/ are read by the agent to generate research analysis (Step 3).
  - Boundary markers: Absent. The instructions do not define clear delimiters or safety instructions to prevent the model from following commands embedded within research files.
  - Capability inventory: The agent has access to Bash for executing local discovery scripts, session management scripts, and basic file operations (mkdir, rm).
  - Sanitization: No explicit sanitization or validation of research file content is performed before analysis.
- [Command Execution] (SAFE): The skill utilizes bash scripts for project discovery and session state persistence.
  - Evidence: .claude/skills/start-discussion/scripts/discovery.sh and .claude/hooks/workflows/write-session-state.sh are called to manage the workflow.
  - Context: These operations are restricted to the local project directory and are essential to the skill's primary functionality.
Audit Metadata