project-context-ingestion
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill instructions are purely diagnostic, focusing on reading build files (e.g., 'build.gradle.kts', 'libs.versions.toml') and configuration files (e.g., 'application.yml', '.env.example') from the local repository to build a mental model of the project.
- [SAFE]: The skill references an external repository for its source ('github.com/Kotlin/kotlin-backend-agent-skills'), which is an official resource for the Kotlin language and related tooling.
- [SAFE]: The skill possesses an indirect prompt injection surface as it ingests content from repository files. This is a standard risk for repository-analysis tools and does not escalate the verdict.
  - Ingestion points: build files and application properties as defined in SKILL.md.
  - Boundary markers: None specified in instructions.
  - Capability inventory: Limited to file reading and context summarization.
  - Sanitization: None explicitly defined.
Audit Metadata