project-memory
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by requiring the agent to read and process existing repository files, such as AGENTS.md and various documentation files, which could contain malicious instructions.
  - Ingestion points: Files read include AGENTS.md, docs/00-START-HERE.md, repository manifests, and configuration files (specified in SKILL.md under Setup Workflow).
  - Boundary markers: None. The instructions do not define delimiters or provide specific guidance to ignore instructions embedded in the processed data.
  - Capability inventory: The skill performs file system writes in SKILL.md (Update Workflow) to create or update documentation files and uses ripgrep (rg) via shell for repository inspection.
  - Sanitization: None. There is no requirement for validation or sanitization of the content extracted from the repository.
- [COMMAND_EXECUTION]: The skill instructs the agent to use repository inspection tools such as ripgrep (rg --files) in SKILL.md (Setup Workflow) to understand the project structure and identify missing documentation.
Audit Metadata