end-user-onboarding
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it processes data from untrusted repository files.
- Ingestion points: The agent reads content from README, docs/*, pyproject.toml, and package.json to inventory installation steps and environment requirements.
- Boundary markers: The instructions do not specify the use of delimiters or provide warnings to ignore embedded agent commands when processing these external documents.
- Capability inventory: The skill can propose documentation or configuration edits and can drive deployment steps via Model Context Protocol (MCP) integrations if they are connected by the user.
- Sanitization: The skill does not require any sanitization or validation of the ingested file content before the agent incorporates it into its workflow.
- [COMMAND_EXECUTION]: The skill explicitly mentions that the agent can "drive deploy steps" if an MCP server or specific integration is connected. This describes a capability to perform actions on external infrastructure based on information gathered during the onboarding audit.
Audit Metadata