context-setup
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface detected.
  - Ingestion points: The skill reads untrusted instructions from rule files such as CLAUDE.md, .cursorrules, and AGENTS.md during the project scan in Step 5.
  - Boundary markers: No explicit markers or 'ignore embedded instructions' warnings are used to separate scanned content from the agent's instructions in the generated context-map.md artifact.
  - Capability inventory: The skill possesses file read and write capabilities, and its output is consumed by a chain of subsequent skills including brainstorming, prd, architecture, and breakdown.
  - Sanitization: There is no sanitization, escaping, or validation of the instructions found within the project files before they are summarized and included in the context.
Audit Metadata