cognitive-load
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its data processing workflow. \n- Ingestion points: Untrusted team and system context is gathered from the local environment using Read, Glob, and Grep tools (SKILL.md, Step 2). \n- Boundary markers: There are no delimiters or instructions to ignore potential instructions embedded within the gathered project files. \n- Capability inventory: The skill has access to the Write, Skill, and Task tools, allowing it to modify the filesystem or trigger other agent capabilities based on potentially poisoned input (SKILL.md, Step 4 & 5). \n- Sanitization: The skill does not validate or sanitize the gathered context before interpolating it into the prompts for the team-health-assessor task.
Audit Metadata