working-on
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by ingesting untrusted data from local project files.
- Ingestion points: The skill reads file names and content from
DESCRIPTION,Project.toml, andREADME.mdfiles (specifically titles and first lines) across the directory hierarchy inSKILL.md. - Boundary markers: No explicit delimiters or boundary markers are defined to isolate the extracted content from the instructions in the generated
CLAUDE.mdfile. - Capability inventory: The skill has the capability to read any file within the directory hierarchy and write/update a
CLAUDE.mdfile in the current working directory. - Sanitization: There is no evidence of sanitization or filtering of the content extracted from
README.mdor other configuration files before it is placed into the inventory.
Audit Metadata