human-checkpoint

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, NO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it instructs the agent to read and act upon content from local project files.
  • Ingestion points: The agent reads state and context from UNITS.csv, STATUS.md, DECISIONS.md, and files in the pipelines/ directory.
  • Boundary markers: The instructions lack explicit delimiters or warnings to ignore potentially malicious instructions embedded within these project files.
  • Capability inventory: The skill involves reading multiple project files, writing updates to DECISIONS.md, and potentially invoking the pipeline-router command as indicated in the troubleshooting section.
  • Sanitization: No content validation or sanitization is specified for the inputs derived from the external files.
  • [NO_CODE]: This skill consists entirely of natural language instructions in Markdown format and does not include any executable scripts, binaries, or configuration files that run code directly.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 09:18 AM