pre-mortem
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a local Python script (pre-mortem.py) to validate generated risk inventories. The script implements security best practices by validating file paths and ensuring they do not resolve outside the current working directory, preventing path traversal.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes untrusted project descriptions and reads markdown files. However, the associated risk is negligible because the skill's capabilities are restricted to text generation and a sandboxed validation script.
  1. Ingestion points: User project context and risk inventory files.
  2. Boundary markers: Uses structured markdown templates for data separation.
  3. Capability inventory: File reading (via script) and text output.
  4. Sanitization: Relies on internal platform safety filters.
Audit Metadata