questioning
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill functions as a research assistant, utilizing codebase analysis and web search to provide users with direct answers. All operations, including sub-agent invocation and file creation, are transparent and align with its documented purpose.
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection due to its processing of untrusted local and external data.
- Ingestion points: Local codebase files (Step 2), web search results (Step 2), and documentation fetched via context7 MCP.
- Boundary markers: No explicit delimiters or instructions are used to sandbox the data retrieved from external or local sources.
- Capability inventory: The skill can invoke specialized sub-agents (codebase-locator, web-search-researcher) and write Markdown files to the thoughts directory.
- Sanitization: There is no evidence of sanitization or safety checks performed on the data before it is presented to the user or saved to the file system.
Audit Metadata