shape-up
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [Indirect Prompt Injection] (SAFE): The skill defines a surface for processing untrusted data to frame projects. * Ingestion points: Phase 1 'Frame' instructs the agent to capture stakeholder quotes and user descriptions. * Boundary markers: No explicit delimiters or ignore-instructions are specified. * Capability inventory: The skill utilizes code-reading capabilities (Phase 0) and file-writing capabilities (Phase 1, 5) for shaping and planning documents. * Sanitization: No sanitization of ingested text is performed. This is a standard functional surface for this use case and does not present an immediate threat.
- [No Code] (SAFE): The skill consists entirely of markdown instructions and does not include any scripts, binary executables, or automated dependency installations.
Audit Metadata