intake
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by instructing the agent to aggregate information from potentially untrusted external data sources into a summary brief used for downstream task orchestration. \n
- Ingestion points: In SKILL.md, the process requires reading the user-request and project metadata including README files, commit history, issues, and pull requests. \n
- Boundary markers: The skill lacks explicit instructions for the agent to use delimiters or ignore instructions found within the ingested project metadata. \n
- Capability inventory: This skill (SKILL.md) does not execute subprocesses, perform network operations, or write to the filesystem; it functions as a logic and routing guide. \n
- Sanitization: There is no requirement for sanitizing or escaping the text gathered from the project environment before it is passed to the next workflow step.
Audit Metadata