execution-alignment
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [SAFE]: Analysis of the skill instructions and configuration reveals no malicious patterns. The skill is designed for documentation analysis and report generation within the project's file structure.
- [NO_CODE]: The skill is composed entirely of markdown documentation and YAML metadata. It does not include any Python scripts, Node.js code, or other executable binaries.
- [PROMPT_INJECTION]: The skill processes untrusted task contexts and project documents to generate reports. This surface is managed by operational boundaries. 1. Ingestion points: Task descriptions and project document roots (SKILL.md). 2. Boundary markers: Instructions enforce a specific reporting role and deterministic mode selection. 3. Capability inventory: Writing markdown reports to the docs/ directory. 4. Sanitization: Relies on explicit user confirmation gates for any proposed changes to planning documents.
Audit Metadata