shape-up
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill references an external GitHub repository (github.com/rjs/shaping-skills) for prerequisite skills. This repository is not on the trusted list. The risk is minimized because the reference is a text instruction to the user rather than an automated execution.
- [PROMPT_INJECTION] (LOW): The skill exhibits an indirect prompt injection surface (Category 8) by ingesting untrusted content from stakeholder quotes and the existing codebase.
  * Ingestion points: Phase 0 reads local code; Phase 1 accepts stakeholder quotes and user requests.
  * Boundary markers: Absent. No delimiters separate external content from agent instructions.
  * Capability inventory: The skill calls internal tools (/shaping, /breadboarding), reads local files, and writes documentation files (.md).
  * Sanitization: Absent. External content is used directly for framing and requirements extraction.
  * Severity: LOW, as the capabilities are restricted to documentation and internal reasoning.
Audit Metadata