journey-map

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect prompt injection risk via untrusted data ingestion.
      • Ingestion points: The skill reads synthesis data and interview transcripts from the .requirements directory as described in Step 1 and the Example Session.
      • Boundary markers: The skill does not provide delimiters or instructions to the agent to ignore or escape commands potentially hidden in the ingested files.
      • Capability inventory: The agent is permitted to use Read, Write, Glob, Grep, and Skill tools, which could be exploited if malicious content in the source files hijacks the agent's workflow.
      • Sanitization: No sanitization or validation logic is applied to the content extracted from requirement files before it influences the agent's analysis.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 4, 2026, 03:13 AM