skills/poteto/noodle/review/Gen Agent Trust Hub

review

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it is designed to ingest and act upon untrusted content found in the codebase and documentation it reviews.
      • Ingestion points: The skill reads brain/principles.md (Step 1) and various project files/plans (Step 3) that are subject to external modification.
      • Boundary markers: There are no instructions provided to the agent to treat the content of these files as data only or to ignore any embedded natural language instructions.
      • Capability inventory: The skill has the ability to write audit reports to the filesystem, update task lists, and invoke other system skills such as /todo.
      • Sanitization: The skill lacks any mechanism to sanitize the ingested content before it is processed by the LLM.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 3, 2026, 01:34 AM