onboard
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues or malicious patterns were identified. The skill is designed for static analysis and documentation synthesis, operating within appropriate project boundaries.\n- [COMMAND_EXECUTION]: The skill utilizes the GitHub CLI tool to retrieve project issue metadata. This is a standard and expected operation for gathering information to include in onboarding documentation.\n- [PROMPT_INJECTION]: The skill processes project files and GitHub issues, creating an indirect prompt injection surface. Ingestion points: README.md, CONTRIBUTING.md, and GitHub CLI output. Boundary markers: Absent. Capability inventory: Reading local files, calling subordinate agent skills, and writing reports to the .turbo directory. Sanitization: Absent. The risk is evaluated as minimal because the ingested data is used only for text synthesis and is not passed to executable contexts or sensitive network operations.
Audit Metadata