ask-project-memory
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill reads from .docs/decisions.md to guide agent behavior and ensure consistency with past decisions. Maliciously crafted instructions in this file could potentially influence the agent's reasoning, though the skill lacks high-risk capabilities like network access or arbitrary command execution.
- Ingestion points: .docs/decisions.md (referenced in README.md and SKILL.md).
- Boundary markers: None present.
- Capability inventory: Local file read and write operations restricted to documentation paths.
- Sanitization: No explicit sanitization of the markdown content is performed before the agent processes it.
- [Data Exposure] (SAFE): The skill is designed to interact with project documentation. It does not access sensitive system paths, credentials, or perform network exfiltration.
- [Command Execution] (SAFE): While the skill includes a Python script (scripts/validate.py), it is a benign placeholder and does not execute untrusted commands or download remote resources.