skills/4444j99/a-i--skills/premortem/Gen Agent Trust Hub

premortem

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXPOSURE]: The skill is designed to scan the user's workspace for project context, specifically looking for files like CLAUDE.md and directories such as memory/. This file access is transparently described and essential for grounding its risk analysis in actual project details.
  • [COMMAND_EXECUTION]: The instructions direct the agent to generate and then open an HTML report (premortem-report-[timestamp].html). This involves standard file-writing and file-opening operations used to present results to the user.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests data from external project files and interpolates it into prompts for sub-agents.
  • Ingestion points: Workspace files (identified in SKILL.md under Step 1: scan for existing context).
  • Boundary markers: The sub-agent prompt template uses --- delimiters, though it lacks explicit warnings to ignore instructions within the project data.
  • Capability inventory: Uses Glob and Read for discovery, and Write followed by Open for report delivery.
  • Sanitization: No explicit sanitization of the file content is performed before it is processed by sub-agents.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 12:02 PM
Security Audit — agent-trust-hub — premortem