proj-doc-eval
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) because its primary function is to ingest and process untrusted external data.
- Ingestion points: The skill reads user-provided project documents (Markdown, PDF, Word) and allows for user-defined custom template files as specified in
SKILL.mdandreferences/custom-template-guide.md. - Boundary markers: There are no explicit instructions or delimiters defined in
SKILL.mdto help the agent distinguish between the skill's instructions and potentially malicious instructions embedded within the documents being evaluated. - Capability inventory: While the skill itself contains no scripts, the agent using the skill typically possesses file-read and text-generation capabilities which could be manipulated by content within a document.
- Sanitization: No sanitization or validation logic is present to filter out instructional text from the documents intended for evaluation.
- NO_CODE (SAFE): The provided skill consists exclusively of Markdown files (
README.md,SKILL.md, and several reference templates). No executable scripts (Python, JavaScript, shell scripts) are included, which significantly limits the potential for traditional malware, persistence, or data exfiltration via code.
Audit Metadata