managing-tech-debt
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill processes untrusted user data which presents a surface for indirect prompt injection.\n
- Ingestion points: User-provided system descriptions, service scopes, and pain points are ingested via
SKILL.mdandreferences/INTAKE.md.\n - Boundary markers: No specific delimiters or "ignore instructions" markers are defined for the interpolation of untrusted user data.\n
- Capability inventory: The skill's capabilities are limited to generating text-based planning deliverables (Markdown); it lacks tools for command execution, file modification, or network requests.\n
- Sanitization: The skill includes explicit instructions in
SKILL.mdandreferences/CHECKLISTS.mdto avoid requesting or recording credentials, reducing the risk of data exposure.
Audit Metadata