cheat-sheet-guide
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): The instructions are strictly focused on documentation tasks. No attempts to override safety filters, extract system prompts, or bypass constraints were detected.
- Data Exposure & Exfiltration (SAFE): The skill reads configuration file paths and code patterns within the project directory. It does not attempt to access sensitive user directories (~/.ssh, ~/.aws) or use network tools (curl, wget) to send data externally.
- Indirect Prompt Injection (LOW): The skill has an attack surface because it ingests untrusted data from the local project files.
  - Ingestion points: The agent is instructed to 'Search the codebase' and 'Examine the Project' (SKILL.md, Step 2).
  - Boundary markers: No specific delimiters or instructions are provided to the agent to ignore instructions embedded in the project files.
  - Capability inventory: The skill only generates text output; it has no network, file-write, or command execution capabilities.
  - Sanitization: No sanitization or validation of the codebase content is performed before generating the cheat sheet.
- Unverifiable Dependencies & Remote Code Execution (SAFE): There are no package installations, remote script downloads, or dynamic execution patterns present in the instructions.