analyze
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests and processes untrusted data from the user's codebase and raw ideas to generate documentation.
- Ingestion points: The skill scans the workspace structure, reads configuration files (e.g.,
.cursorrules,CLAUDE.md), and processes user-provided feature requests (SKILL.md, Step 2 & 3). - Boundary markers: The skill implements mandatory human review gates between every phase (Step 2-7) to verify generated artifacts before proceeding, which serves as a mitigation against automated exploitation.
- Capability inventory: The skill performs file system write operations to save markdown artifacts (
context-map.md,prd.md, etc.) based on the processed data (SKILL.md, Output section). - Sanitization: No explicit sanitization or instruction-filtering of the ingested codebase content is mentioned in the pipeline process.
Audit Metadata