frame-problem
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted stakeholder requests from external sources like Slack or email (Phase 1), creating a surface for indirect prompt injection. Evidence Chain:
  1. Ingestion points: Stakeholder requests described in Phase 1.
  2. Boundary markers: Absent.
  3. Capability inventory: Read-only codebase access for architectural analysis (Phase 3).
  4. Sanitization: Absent.

  The risk is assessed as low because the skill focuses on analysis and does not grant the agent dangerous capabilities like arbitrary code execution or network transmission.
- [DATA_EXFILTRATION]: No evidence of data exfiltration was found. While the skill instructs the agent to read local codebase files (models, controllers, views) to understand context, it does not contain any network communication patterns to transmit this information to external servers.
- [SAFE]: The core functionality of the skill is architectural analysis and problem reframing, which is a standard and benign software development task. It does not attempt privilege escalation, persistence, or the installation of untrusted dependencies.