to-prd
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection because it processes external codebase data to generate documentation.
- Ingestion points: Codebase state and conversation context (SKILL.md).
- Boundary markers: No delimiters or instructions are used to prevent the agent from following instructions embedded within the codebase or context.
- Capability inventory: The skill is permitted to use Bash, Write, Edit, Grep, and Glob tools (SKILL.md).
- Sanitization: No validation or sanitization of the processed context is performed.
- [COMMAND_EXECUTION]: The skill references the execution of a local validator script (.agent-skills/skill-standardization/scripts/validate_skill.sh) and a setup command (setup-matt-pocock-skills) as part of its operational workflow.
Audit Metadata