research

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE / PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill performs diagnostic operations using standard file-reading tools (Glob, Grep, Read) to map codebase structure. It does not install external dependencies or execute scripts.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by reading and summarizing untrusted project data and instructions from rules files such as .cursorrules. While malicious instructions in these files could theoretically influence the agent's summary, the skill's activities are limited to documentation generation.
  • Ingestion points: Local workspace files and rules files are read in Steps 4 and 5 of the research process.
  • Boundary markers: Data is processed into structured markdown templates defined in references/formats.md.
  • Capability inventory: The skill is restricted to reading workspace files and writing documentation artifacts.
  • Sanitization: No content filtering is applied to the data summarized from project files.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 14, 2026, 05:46 AM