create-data-model

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from the repository to generate documentation.
    • Ingestion points: The workflow reads project context from .chalk/docs/engineering/ and scans the entire codebase for migration files, ORM model definitions, and schema files using Grep and Read tools.
    • Boundary markers: Absent. The instructions do not specify the use of delimiters or 'ignore embedded instructions' warnings when processing the files found in the codebase.
    • Capability inventory: The skill uses Read, Glob, Write, and Grep tools. It can read repository content and write new documentation files to the .chalk/docs/engineering/ directory.
    • Sanitization: Absent. There is no mention of sanitizing or validating the content retrieved from existing files before it is processed by the agent to design the new model.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 18, 2026, 08:09 AM