create-metrics-framework
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's core functionality is to create a metrics framework by reading local files and writing a new markdown file. All file operations are constrained to the .chalk/docs/product/ directory. No network operations or administrative commands are present.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing content from untrusted local documents to inform its definitions.
- Ingestion points: Reads PRDs, product profiles, and JTBD documents from .chalk/docs/product/ (SKILL.md).
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the workflow.
- Capability inventory: Uses Read, Glob, Grep, and Write tools to manipulate local markdown files (SKILL.md).
- Sanitization: No validation or filtering of input content is specified. This risk is minimized by the restricted nature of the output generation task.
Audit Metadata