working-backwards

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFE
Full Analysis
  • [Data Exposure & Exfiltration] (SAFE): The skill identifies constraints such as policy, legal, and dependencies as inputs, which is standard for product planning. No hardcoded credentials, sensitive file path access, or unauthorized network operations were found.
  • [Unverifiable Dependencies & Remote Code Execution] (SAFE): There are no package manifests (requirements.txt, package.json), script files, or remote code download patterns (curl | bash) included in the skill.
  • [Indirect Prompt Injection] (LOW): The skill has an attack surface where it ingests untrusted user data into documentation templates.
      • Ingestion points: The skill takes user-provided context, problems, and constraints as input via the primary prompt.
      • Boundary markers: Absent. The templates do not use specific delimiters to isolate user input from instructions.
      • Capability inventory: The skill instructions suggest the agent can write files to a user-specified directory (e.g., docs/working-backwards/).
      • Sanitization: No explicit sanitization or validation of the input content is performed by the skill instructions.
  • [Privilege Escalation] (SAFE): No commands requesting administrative privileges or sensitive system modifications were detected.
  • [Obfuscation] (SAFE): All content is provided in clear-text Markdown. No Base64, zero-width characters, or hidden Unicode tags were found.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 19, 2026, 03:52 PM