checklist-generator
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill analyzes project configuration files such as 'package.json', 'requirements.txt', and 'go.mod' to detect the technical stack. This process ingests untrusted data from the local environment into the agent's context.
  - Ingestion points: Context detection logic in SKILL.md reads dependency files.
  - Boundary markers: The skill does not explicitly define delimiters for untrusted file content.
  - Capability inventory: The skill utilizes 'Read', 'Write', 'Edit', 'Glob', and 'Grep' tools.
  - Sanitization: No specific sanitization of configuration file content is described before processing.
- [COMMAND_EXECUTION]: The skill uses local scripts for metric recording and input validation. The provided 'main.cjs' script performs basic argument parsing without dangerous shell execution or system-level modifications.