clarifying-assumptions
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it ingests untrusted data from external planning artifacts and ticket summaries (e.g., `docs/<TICKET_KEY>-tasks.md`). This data is used to influence the clarification logic and is subsequently written back to project documentation. While the skill uses structured templates, it lacks explicit boundary markers to isolate instructions from ingested content.
- [EXTERNAL_DOWNLOADS]: Fetches conceptual background and technical rationale from well-known and reputable sources, including Anthropic's documentation, Wikipedia, ThoughtWorks, and various established technical blogs. These references are used solely for educational context and guidance during the clarification process.
- [COMMAND_EXECUTION]: The subagents perform automated file operations to read project configurations (like `package.json`) and write orchestration artifacts (critiques and decision logs) to the `docs/` directory. It also utilizes web search capabilities to gather current industry information on technology choices.
Audit Metadata