audit-accessibility
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it processes untrusted data from the local filesystem.\n
- Ingestion points: Reads feature context from
.chalk/docs/product/,.chalk/docs/engineering/, and implementation source code.\n - Boundary markers: No instructions are provided to distinguish skill commands from audited content or to ignore embedded instructions.\n
- Capability inventory: The skill has access to
Read,Glob,Grep, andWritetools to interact with the local filesystem.\n - Sanitization: No validation or sanitization is performed on ingested content before it is processed by the agent.- [SAFE]: No direct prompt injection, obfuscation, or metadata poisoning was detected.- [SAFE]: No network operations, hardcoded credentials, or data exfiltration patterns were found.- [SAFE]: No external downloads, package installations, or remote code execution patterns are present.- [SAFE]: The skill uses standard file system tools for its intended purpose and does not attempt privilege escalation or persistence.
Audit Metadata