clarify-unknown
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill correctly implements its strategic analysis function. Its operations, including context gathering and file writing, are legitimate and handled through standard agent tools.
- [INDIRECT_PROMPT_INJECTION]: The skill has a surface for indirect prompt injection through its ingestion of external files.
  - Ingestion points: Analysis strategy documents and project files (README, CLAUDE.md).
  - Boundary markers: Not explicitly defined.
  - Capability inventory: File reading, file writing, and user questioning tool (AskUserQuestion).
  - Sanitization: No explicit sanitization or filtering logic is present.
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill accesses project-level files for context. It does not access sensitive credential files, and there are no network operations or instructions to exfiltrate data.