readme-craftsman
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted data from the repository to perform its tasks.
  - Ingestion points: The skill reads numerous untrusted files from the repository during the analysis phase, including package.json, pyproject.toml, requirements.txt, and other configuration or source files (SKILL.md, Step 2).
  - Boundary markers: The instructions do not define clear delimiters or "ignore instructions" directives to prevent the agent from obeying instructions that may be embedded within the processed external files.
  - Capability inventory: The agent is granted filesystemWrite and shell capabilities (skill.json), which could be misused if the agent inadvertently follows instructions found in analyzed project files.
  - Sanitization: There is no explicit requirement for sanitizing or validating the content extracted from project files before it is processed by the agent.
Audit Metadata