discover-presentation
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements a data ingestion flow that creates an indirect prompt injection surface by collecting and storing free-form user input for later use in subsequent automated phases.
- Ingestion points: Free-form answers to interview questions regarding topic, audience, and goals defined in
QUESTIONS.md. - Boundary markers: Absent; the skill does not wrap the ingested user data in delimiters or include instructions for downstream skills to ignore embedded commands.
- Capability inventory: The skill has the capability to write local project files (
DISCOVERY.jsonandPROJECT.json). - Sanitization: No validation, escaping, or filtering of the user-provided interview responses is performed before they are committed to storage.
- [COMMAND_EXECUTION]: The skill uses shell commands for environment validation and project maintenance tasks.
- Evidence: Executes
which marpinSKILL.mdto verify if the required CLI tool is available in the environment. - Evidence: Implements a state-reset protocol in
RESTART-GUARD.mdthat performs targeted file deletions to remove stale project assets. These operations are restricted to the local project folder and are only executed after explicit user confirmation through an interactive menu.
Audit Metadata