change-management
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests untrusted conversation data to generate structured documentation and file update instructions.
  * Ingestion points: Untrusted conversation text provided to the 'ChangeProcessor' class or the Copilot integration prompt.
  * Boundary markers: Absent; the instructions do not use delimiters or specific warnings to ignore embedded commands within the input conversation.
  * Capability inventory: The skill generates JSON instructions to modify file references ('reference_updates') and identifies affected project files.
  * Sanitization: No evidence of input validation or sanitization is present for the conversation text before processing.
Audit Metadata