deep-interview
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were detected. The skill logic is focused on interactive requirements gathering and includes explicit restrictions against sensitive operations like git commands or plan generation.
- [COMMAND_EXECUTION]: The skill orchestrates specialized sub-agents (Explore, interviewer) using the Agent tool to perform structured questioning and context gathering based on user input.
- [DATA_EXFILTRATION]: Accesses local codebase patterns using an 'Explore' sub-agent when the --deep flag is enabled. This data informs the interview and is stored in a local insights file; no network exfiltration is attempted.
- [PROMPT_INJECTION]: The skill represents a surface for indirect prompt injection through its ingestion of untrusted data.
- Ingestion points: User-provided interview answers and codebase context extracted via sub-agents (SKILL.md).
- Boundary markers: None explicitly defined in sub-agent prompts to distinguish between instructions and data.
- Capability inventory: File writing (Write tool) and sub-agent orchestration (Agent tool).
- Sanitization: No explicit sanitization or filtering is specified for user inputs or codebase findings before they are passed to the interviewer agent.
Audit Metadata