guardrails-writer
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests external data from the file system, creating a vulnerability surface for indirect prompt injection.\n- Ingestion points: The skill uses glob patterns in Phase 0 to scan local specifications, ADRs, architecture notes, and incident records (specified in SKILL.md).\n- Boundary markers: There are no defined delimiters or instructions to treat ingested content as untrusted data.\n- Capability inventory: The agent performs file system discovery and reading via Glob commands.\n- Sanitization: No sanitization or content validation is performed on the ingested files.
Audit Metadata