guide
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill performs local filesystem scanning of specific directories (e.g., docs/, spec/, design/) to identify project artifacts. This access is restricted to common documentation formats and is consistent with the skill's purpose as a project guide. No evidence of unauthorized data transmission or network exfiltration was found.
- [INDIRECT_PROMPT_INJECTION]:
- Ingestion points: The skill ingests content from Markdown and YAML files within the user's repository as defined in
references/workflow-map.yaml. - Boundary markers: The skill prioritizes
TRACEABILITY-METADATAblocks and specific document headers to distinguish structured data from free-form text. - Capability inventory: The skill is limited to recommending workflow-specific slash commands (e.g.,
/prd-writer,/test-reviewer). It does not possess capabilities for arbitrary shell execution, file modification, or network requests. - Sanitization: The skill uses strict artifact identification rules (defined in
references/artifact-detection.md) to minimize the impact of misleading content in processed files. - [COMMAND_EXECUTION]: The skill identifies and recommends canonical slash commands for the agent to use. These commands are mapped to specific project nodes within the TestAny-io ecosystem. There is no evidence of the skill attempting to execute arbitrary system commands or bypass security restrictions.
Audit Metadata