document
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill identifies and recommends plugins from trusted GitHub organizations including 'vercel-labs' and 'supabase'. Per the security guidelines (TRUST-SCOPE-RULE), these references to reputable sources are considered low risk.
- [PROMPT_INJECTION] (LOW): The skill exposes an attack surface for Indirect Prompt Injection (Category 8). Evidence chain:
  1. Ingestion points: Reads implementation and verification data from files in 'docs/task/' and 'docs/testing/'.
  2. Boundary markers: No clear delimiters or instructions to ignore embedded commands are present in the processing logic.
  3. Capability inventory: The agent has permissions to write to critical project files ('CLAUDE.md', 'TASKS.md') and invoke the '/ship' subagent tool.
  4. Sanitization: There is no evidence of validation or escaping for the data read from these external documents before they are used in documentation generation or workflow state changes.
Audit Metadata