status
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill instructs the agent to read content from various markdown files (e.g.,
context-builder.md,jtbd-capture.md) to find status markers. This creates a surface for indirect prompt injection if those files contain malicious instructions meant to hijack the agent's behavior during the status report. - Ingestion points: Reads the content of 10+ specific markdown files and scans the
context/directory. - Boundary markers: None. The agent is not provided with delimiters or instructions to treat the file content as untrusted data.
- Capability inventory: None. The skill does not contain any scripts, subprocess calls, or network operations.
- Sanitization: None. The skill relies on natural language parsing without explicit validation of the file contents.
- [NO_CODE]: This skill contains no executable scripts (Python, JavaScript, Bash) or binaries. It is composed entirely of markdown instructions for the AI agent.
Audit Metadata