adr
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE] (SAFE): The skill accesses local project documentation such as 'architecture-overview.md' and 'project-brief.md'. While these files contain project context, this behavior is essential for the skill's primary purpose and does not target sensitive system files or credentials.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill has a surface for indirect prompt injection as it processes untrusted data from project and research files.
  - Ingestion points: Reads content from 'spaces/[project]/docs/project/', 'ideas/[project]/project-brief.md', and 'resources/research/*.md'.
  - Boundary markers: Absent. The skill does not define specific delimiters or instructions to ignore embedded commands in the source files.
  - Capability inventory: The skill has access to 'Write', 'Edit', and 'WebSearch' tools, which are powerful if triggered by an injection.
  - Sanitization: Absent. No explicit sanitization or validation of the ingested file content is performed before it is processed by the model.