project-onboarding

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
PROMPT_INJECTION

Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted content from the target codebase to generate documentation. Malicious instructions embedded in the project's documentation or code comments could attempt to influence the agent's output during the document generation phases.
  • Ingestion points: The skill reads README.md, manifest files (e.g., package.json), and source code comments throughout Phase 0 and Phase 1 to extract project information.
  • Boundary markers: There are no explicit instructions or delimiters provided to the agent to distinguish between data and instructions within the scanned files.
  • Capability inventory: The skill utilizes Write, Edit, and Bash tools to create and modify documentation and memory files.
  • Sanitization: While the skill implements a credential-focused security check in 'references/security-check.md', it lacks specific sanitization or filtering for adversarial prompt patterns in the ingested text.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 13, 2026, 06:51 AM