lcs-toprd
Pass
Audited by Gen Agent Trust Hub on May 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's core functionality is to read local developer notes and repository context to populate a markdown template, which is a standard and safe behavior for coding assistants.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests data from local files such as `explore.md` and `debug.md`, which could potentially contain malicious instructions. This is an ingestion surface for indirect prompt injection; however, because the skill's purpose is to summarize technical content for developer review, the risk is minimal.
  - Ingestion points: `explore.md`, `debug.md`, `state.md`, and various files within the repository during exploration.
  - Boundary markers: No explicit delimiters or boundary instructions are defined to separate ingested content from the system prompt.
  - Capability inventory: File reading access to the repository and file writing access to the `.lcs/work-items/` directory.
  - Sanitization: No explicit sanitization or filtering of input content is performed before synthesis.