beo-explore
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and processes untrusted data from user requests and external ticket summaries to generate project requirements.
  - Ingestion points: User instructions and ticket data are read into the agent context in SKILL.md and intake-bootstrap.md.
  - Boundary markers: The templates defined for CONTEXT.md in intake-bootstrap.md do not include explicit boundary markers or 'ignore embedded instructions' warnings for user-provided strings.
  - Capability inventory: The skill possesses the capability to modify the file system by creating directories and writing artifacts such as CONTEXT.md and STATE.json, as described in SKILL.md and intake-bootstrap.md.
  - Sanitization: While the skill enforces regex validation for feature slugs, it does not specify sanitization, escaping, or filtering for the descriptive requirement content extracted from user requests.