workflow-principles
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it incorporates untrusted project data into persistent agent instructions.\n
- Ingestion points: Project configuration and documentation files (e.g., package.json, README.md) are read via Glob and Read tools.\n
- Boundary markers: The generation template does not use delimiters to isolate external data.\n
- Capability inventory: The skill has read/write access to local and global CLAUDE.md files.\n
- Sanitization: No validation or escaping is performed on data retrieved from files before it is written to the configuration.
Audit Metadata