create-jtbd-canvas
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE | PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill processes external data from existing project documentation to generate its output.
  - Ingestion points: Loads files from the .chalk/docs/product/ directory using Read and Grep tools.
  - Boundary markers: The prompt lacks explicit delimiters to distinguish between system instructions and data from source documents.
  - Capability inventory: The skill has Write access to the local filesystem to save generated canvases.
  - Sanitization: No sanitization or verification of the content from source documents is performed before it is used in prompt generation.