wayfinder
Pass
Audited by Gen Agent Trust Hub on Jul 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes and acts on untrusted data from issue trackers.
- Ingestion points: The agent reads issue bodies, titles, and labels from hosted trackers, Beads state, or local Markdown files during both the charting and resolution phases.
- Boundary markers: While the skill uses Markdown headers (such as '## Question' and '## Destination') to organize data, it lacks explicit instructions to the AI to treat the ingested content as untrusted or to ignore embedded commands.
- Capability inventory: The skill can modify the issue tracker state, claim issues, and invoke secondary skills like '/prototype' and '/grilling' based on the content of the issues it reads.
- Sanitization: There is no evidence of sanitization or validation of the issue content to prevent adversarial instructions from influencing the agent's behavior.
- [SAFE]: The skill implements good security practices by requiring the user to explicitly configure the issue tracker through a setup command rather than inferring sensitive locations from environment variables or Git remotes.
Audit Metadata