launch-checklist

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted content from the repository during the audit phase, which creates a surface for indirect prompt injection attacks.
  • Ingestion points: The agent reads the repository's code, frameworks, and configuration files to perform its audit in SKILL.md.
  • Boundary markers: There are no explicit delimiters or instructions provided to isolate the codebase data from the agent's logic during processing.
  • Capability inventory: The skill has the capability to create directories and write to files (docs/launch-checklist.md).
  • Sanitization: No specific validation or escaping mechanisms are described for data extracted from the repository before it is included in the generated checklist.
  • [SAFE]: The skill implements proactive security warnings, explicitly instructing the agent and the user never to share secrets, API keys, or credentials within the chat interface.
  • [SAFE]: No evidence of obfuscation, remote code execution, or unauthorized network activity was found in the skill instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 02:12 AM