capture-work-items
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill functions as a documentation generator that reads local project context and writes structured Markdown files for requirements, bugs, and issues. All operations are confined to the local
docs/directory. - [PROMPT_INJECTION]: Analysis of the Indirect Prompt Injection surface identifies a low-risk profile:
- Ingestion points: Raw user descriptions are ingested via the
input_schemadefined inSKILL.md. - Boundary markers: Absent; the instructions do not explicitly require the agent to use delimiters (e.g., XML tags or triple backticks) to isolate untrusted user data from the system instructions.
- Capability inventory: The skill possesses the capability to write files to the local file system (specifically
docs/backlog/anddocs/process-management/). - Sanitization: The procedural workflow does not include validation or sanitization steps for the user-provided text before it is interpolated into Markdown templates.
- Conclusion: Despite the lack of markers and sanitization, the risk is negligible as the output is static documentation and the skill does not autonomously execute the resulting content or trigger dangerous tools based on it.
Audit Metadata