conductor-new-track
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill possesses an indirect prompt injection surface.
- Ingestion points: Reads project context files (conductor/product.md, conductor/tech-stack.md, conductor/workflow.md) and user-provided strings.
- Boundary markers: No delimiters or safety instructions are used to isolate ingested data from the agent's instructions.
- Capability inventory: The skill is capable of writing multiple files to the local conductor/ directory.
- Sanitization: Input is interpolated directly into document templates without validation or escaping.
- DATA_EXFILTRATION (SAFE): No credentials, sensitive system paths, or network operations were detected.
- COMMAND_EXECUTION (SAFE): No shell commands, subprocesses, or system-level executions are invoked.
- REMOTE_CODE_EXECUTION (SAFE): No external dependencies are downloaded or executed.
Audit Metadata