create-incident-report
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is well-structured and follows best practices for incident reporting. It interacts only with local documentation files within the .chalk/docs/engineering/ directory and performs legitimate file management tasks.
- [DATA_EXFILTRATION]: No network access is requested or used. All data processing and report generation occur within the local project environment.
- [PROMPT_INJECTION]: An attack surface for indirect prompt injection exists because the skill processes untrusted data. Ingestion points: user arguments and documentation files located in .chalk/docs/engineering/. Boundary markers: none. Capability inventory: Read, Glob, Grep, Bash, and Write tools. Sanitization: none. However, because the skill has no network access or sensitive system file access, this surface does not present an exploitable risk in the current context.
Audit Metadata