Skills
skills/melodic-software/claude-code-plugins/interview-conducting/Gen Agent Trust Hub

interview-conducting

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill is designed to ingest and process untrusted data from external stakeholders via the AskUserQuestion tool. This creates a potential vulnerability where an attacker posing as a stakeholder could provide malicious instructions embedded in their responses.
  • Ingestion points: Stakeholder responses captured through the AskUserQuestion tool and processed in the 'Requirement Extraction' and 'Interview Summary' phases.
  • Boundary markers: The skill lacks explicit delimiters or instructions to the LLM to ignore or sanitize commands embedded within stakeholder input.
  • Capability inventory: The skill possesses the Write tool to save data to the local filesystem and the Task tool to spawn sub-agents, which could be misused if the agent is manipulated by injected instructions.
  • Sanitization: No sanitization or validation logic is present to filter stakeholder input before it is used to generate YAML-formatted requirements or summary files.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:14 PM