aisdlc-project-discover-preflight
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [SAFE]: No security issues were detected. The skill functions as a set of logical guidelines for auditing a project.
- [PROMPT_INJECTION]: No direct prompt injection, safety bypass attempts, or instructions to ignore previous rules were detected. The procedural prompts provided are focused on the task of project documentation.
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill encourages identifying sensitive configuration paths (e.g., .env.example, config/*). However, the output is directed to a local file within the project structure, and no network exfiltration logic is present.
- [INDIRECT_PROMPT_INJECTION]: The skill creates an ingestion surface by requiring the agent to read and summarize potentially untrusted external project files.
- Ingestion points: SKILL.md (instructions), project directory structure, build scripts (package.json, Makefile), CI/CD configurations (.github/workflows/*), and contract schemas.
- Boundary markers: None present in the instructions to prevent the agent from following instructions embedded within the analyzed files.
- Capability inventory: File system read access and command/path identification.
- Sanitization: No sanitization or validation of the content of the identified files is suggested.
Audit Metadata