discover
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: Analysis of the skill's instructions, agent logic, and reference playbooks found no evidence of malicious code, data exfiltration, or unauthorized command execution. The skill is designed for conversational discovery and operates within its intended scope.\n- [PROMPT_INJECTION]: The skill features an attack surface for indirect prompt injection, as it is designed to ingest data from local project files which could contain untrusted instructions.\n
- Ingestion points: According to Step 1 in
SKILL.md, the agent scans the codebase forpackage.json,CLAUDE.md, and artifacts within theskills-resources/directory to gather context.\n - Boundary markers: The skill does not utilize explicit delimiters or 'ignore instructions' directives when reading content from these local files.\n
- Capability inventory: The skill is granted access to the
Bash,Read,Grep, andGlobtools, and it invokes a sub-agent defined inagents/idea-critic.md.\n - Sanitization: Data gathered from the local environment is included in the prompt context without sanitization or validation of its contents.\n- [EXTERNAL_DOWNLOADS]: The skill playbooks located in
references/operator-playbooks/contain URL references to X (Twitter) and GitHub. These are used as primary sources of information for the scoping frameworks (e.g., Y Combinator, Sahil Lavingia) and do not represent a remote code execution risk.
Audit Metadata