constitution
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill does not contain any detected malicious patterns, obfuscation, or unauthorized data access. Its behavior aligns with its stated purpose of project governance and utilizes standard filesystem tools for analysis.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests and processes untrusted data from the codebase during its discovery phase. However, this risk is mitigated by a mandatory human-in-the-loop (HITL) architecture.
- Ingestion points: The skill reads files throughout the project directory via sub-agents and discovery perspectives defined in reference/perspectives.md.
- Boundary markers: The skill uses a structured YAML-based rule interface to separate codebase evidence from the generated rules.
- Capability inventory: The agent has access to Bash, Write, Edit, and Task tools, which are necessary for analyzing the project and updating the constitution.
- Sanitization: The presentRules and writeConstitution functions include mandatory AskUserQuestion steps, ensuring the user reviews and approves all generated rules before they are committed to the filesystem.