new-feature
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it processes untrusted content from `discovery.md` and other project files to generate new documentation.
  - Ingestion points: Accesses `ai/specs/*/discovery.md` and all files within associated `inputs/` directories (SKILL.md, Step 1).
  - Boundary markers: No explicit delimiters or instructions are provided to the agent to treat the ingested discovery data as untrusted or to ignore embedded instructions.
  - Capability inventory: The skill uses file search (`Glob`), file reading (`Read`), and instructions to create new files in the project structure.
  - Sanitization: There is no evidence of text sanitization or validation for the content read from discovery files before it is used for artifact generation.
- [SAFE]: The skill's operations are confined to the local project environment for the purpose of documentation management. It does not attempt to access sensitive system paths (e.g., SSH keys, cloud credentials), does not perform network requests, and does not execute remote code.
Audit Metadata