scoping-cutting
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
NO_CODE
Full Analysis
- NO_CODE (SAFE): The skill consists entirely of Markdown-based instructions and templates for project management. No programming code, scripts, or binary files are provided within the skill package.
- Indirect Prompt Injection (SAFE): The skill identifies user-provided context as an input surface but presents no risk because it lacks execution capabilities.
  - Ingestion points: Project context and scope provided by the user (README.md, SKILL.md).
  - Boundary markers: The prompt format uses structural headers like 'Context:' and 'Constraints:' to delimit input.
  - Capability inventory: No scripts, network access, or shell commands are included in the skill content.
  - Sanitization: No sanitization is implemented, which is acceptable given the documentation-only nature of the tool.
- SAFE (SAFE): No evidence of malicious patterns, obfuscation, credential exposure, or persistence mechanisms was found during the audit.
Audit Metadata