ln-112-project-core-creator
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs project-wide scans and uses search patterns to auto-discover technologies and architectural patterns. These operations are localized to the project environment and support its core documentation mission.
- [PROMPT_INJECTION]: The skill represents a surface for indirect prompt injection by ingesting data from
LEGACY_CONTENTandcontextStore(ingestion points in SKILL.md) for interpolation into templates. Mitigation is provided through boundary markers like<!-- NO_CODE_EXAMPLES -->(templates), limited capabilities (localized file writing and grep), and automated validation in Phase 3 (SKILL.md). - [SAFE]: No evidence of credential theft, malicious persistence, or unauthorized data exfiltration was found. The skill operates within its defined scope to produce static documentation files.
Audit Metadata