define
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it is designed to ingest and analyze untrusted data from the local codebase and documentation.
- Ingestion points: The skill instructions in SKILL.md direct the agent to explore the codebase and search for existing documentation (user guides, help docs, specs).
- Boundary markers: There are no explicit delimiters or 'ignore' instructions defined for the data ingestion phase.
- Capability inventory: The skill is restricted to reading local files and writing markdown living documents within the ./plans/ directory.
- Sanitization: The instructions mitigate risk by requiring the agent to 'Read codebase silently' and 'present findings as product behavior,' explicitly forbidding the surfacing of schemas, APIs, or technical implementation details.
- [SAFE]: All file operations are local to the workspace, focusing on the maintenance of state and requirements in specific project directories.
- [SAFE]: No patterns of external data exfiltration, obfuscation, or unauthorized command execution were detected across the skill files and templates.
Audit Metadata