refine-project-context
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface (Category 8). The skill reads the entire codebase to validate the PROJECT_CONTEXT.md file. This creates a surface where malicious instructions embedded in the codebase (such as in code comments or strings) could potentially influence the agent's audit findings or documentation updates.
  - Ingestion points: The skill reads 'Actual codebase files' as specified in SKILL.md.
  - Boundary markers: The instructions lack delimiters or specific 'ignore' directives to help the agent distinguish between code logic and potential embedded instructions.
  - Capability inventory: The skill provides the agent with broad read access to the codebase and the ability to modify documentation files in the .agents/ directory.
  - Sanitization: There is no mention of sanitization, filtering, or validation of the ingested code content before it is processed by the LLM.
Audit Metadata