accelint-onboard-agents
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) because it ingests untrusted data from the local repository—such as git commit logs, existing configuration files, and package manifests—to derive and suggest agent behavior rules.
- Ingestion points: The skill reads content from AGENTS.md, package.json, .github/workflows/, .husky/, and git log --oneline outputs (SKILL.md).
- Boundary markers: There are no explicit XML-style or delimited boundary markers used when the agent processes these external files, though the conversational interview structure provides some context isolation.
- Capability inventory: The skill has the permission to write or modify AGENTS.md and CLAUDE.md files at the project root (SKILL.md).
- Sanitization: The risk is significantly mitigated by a mandatory 'Preview and Write' phase that requires the user to review all inferred content and give explicit confirmation before any filesystem changes occur.
Audit Metadata