ogt-docs
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): Indirect Prompt Injection. The skill's primary philosophy is that documentation defines the project and takes precedence over implementation ('If docs say X and code does Y, CODE IS WRONG'). This architecture creates an ingestion point for untrusted data that could influence agent behavior.
  Evidence Chain:
  1. Ingestion points: Files within the docs/ directory structure.
  2. Boundary markers: Absent in the structural overview; no delimiters are defined to separate doc content from instructions.
  3. Capability inventory: Referenced sub-skills imply capabilities for task management and project auditing.
  4. Sanitization: No sanitization or validation of the documentation content is mentioned.
Audit Metadata