onboard
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection (Category 8) as it processes untrusted local codebase data.
- Ingestion points: The agent reads file names and content from the local project directory via
findand specific manifest files likepackage.jsonandrequirements.txt(SKILL.md). - Boundary markers: Absent; the instructions do not command the agent to ignore or delimit instructions found within the analyzed files.
- Capability inventory: The agent can execute shell commands (
mkdir,find,tldr) and write YAML handoff files to the local filesystem (SKILL.md). - Sanitization: Absent; data harvested from project files is interpolated into a YAML handoff without explicit validation or escaping.
- COMMAND_EXECUTION (SAFE): The skill uses standard utilities (
mkdir,find,tldr) for codebase discovery and directory structure initialization. These operations are consistent with the skill's primary purpose and do not involve piping remote content to a shell or acquiring elevated privileges.
Audit Metadata