glossary
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns or security risks were identified. The skill performs legitimate project documentation tasks, such as creating YAML files and updating project metadata (e.g., CLAUDE.md) with terminology pointers.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface due to its codebase scanning features.
- Ingestion points: Reads source code, type definitions, component names, and documentation files to suggest terminology (identified in SKILL.md).
- Boundary markers: Not explicitly defined in file processing logic, though the interactive nature of the skill provides a manual verification step.
- Capability inventory: File system read access (project-wide) and write access to specific documentation files.
- Sanitization: Ingested strings are presented to the user for approval before being committed to the glossary, mitigating the risk of automated instruction execution.
Audit Metadata