reference-alignment
Pass
Audited by Gen Agent Trust Hub on Jul 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill contains natural language instructions and configuration metadata without any executable scripts, shell commands, or network operations.
- [INDIRECT_PROMPT_INJECTION]: The skill defines a workflow for ingesting and analyzing external references (code, websites, documentation), which is an inherent attack surface for indirect prompt injection.
- Ingestion points: SKILL.md instructs the agent to catalog and inspect "Source code, library, existing component, screenshot, website, video, diagram, doc, issue, previous implementation, or product behavior."
- Boundary markers: The instructions do not provide explicit delimiters or warnings to the agent to treat external content as data rather than instructions.
- Capability inventory: The skill does not request special tools (allowed-tools is empty/missing), relying on the agent's default capabilities for file reading and web browsing.
- Sanitization: No sanitization or validation of the ingested reference material is specified in the workflow.
Audit Metadata