agent-onboarding

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by instructing the agent to define its identity and tasks based on the contents of a TODO.md file.
    * Ingestion points: TODO.md (SKILL.md).
    * Boundary markers: Absent; there are no delimiters provided to isolate untrusted data from the agent's instructions.
    * Capability inventory: The agent has the capability to read repository files (codebase, Makefile) and write to the TODO.md file.
    * Sanitization: Absent; the skill does not include instructions to validate or escape the data read from the TODO.md file.
  • [COMMAND_EXECUTION]: The skill suggests reading the Makefile for extra context, which may lead an agent to interpret or propose the execution of commands defined within that file.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 11:52 PM
Security Audit — agent-trust-hub — agent-onboarding