project-risks-and-changes
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE, NO_CODE, PROMPT_INJECTION
Full Analysis
- [Category 8: Indirect Prompt Injection] (LOW): The skill is designed to ingest and process untrusted external data in the 'observations' and 'change_request' fields.
  - Ingestion points: Untrusted data enters the context via 'observations' and 'change_request' inputs.
  - Boundary markers: No delimiters or 'ignore embedded instructions' warnings are present.
  - Capability inventory: The agent is instructed to write and update local markdown files (project_state.md, risk-register.md, change-log.md).
  - Sanitization: No escaping or validation of external content is specified.
- [Category 4: Unverifiable Dependencies & Remote Code Execution] (SAFE): No code files, scripts, or package management manifests were found.
- [Category 2: Data Exposure & Exfiltration] (SAFE): The skill operations are limited to local file modification of project artifacts and do not include network requests or credential access.