discuss
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill triggers a codebase exploration process using the Task tool with a sub-agent of type Explore to identify patterns and files related to the user's topic.
- [PROMPT_INJECTION]: An indirect prompt injection surface exists within the discussion flow.
  1. Ingestion points: Stage 1.4 involves a Task tool that reads data directly from the codebase.
  2. Boundary markers: The instructions lack explicit delimiters or warnings to prevent the agent from following instructions found within the code it reads.
  3. Capability inventory: The skill utilizes the Write tool in Stage 3.2 to create and save summary files in the .hoyeon/discuss/ directory.
  4. Sanitization: No sanitization or verification logic is applied to the content retrieved from the codebase before it is written to the local file system.
Audit Metadata