define-vision
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary function is to process project context to generate vision statements. All file operations are restricted to the local documentation directory (defaulting to `docs/project-overview/`).
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it reads untrusted data from existing mission files or user input.
  - Ingestion points: `docs/project-overview/mission.md` and user-provided project context (SKILL.md, Execution Process Step 1).
  - Boundary markers: Absent. The instructions do not specify delimiters or instructions to ignore commands embedded within mission files.
  - Capability inventory: File-write capabilities to the `docs/` directory.
  - Sanitization: Absent. The content from external files is used directly to inform the vision drafting process.
- [EXTERNAL_DOWNLOADS]: The README.md mentions an installation command `npx skills add nesnilnehc/ai-cortex`. This refers to the author's own repository and is a standard procedure for adding skills in this environment.
- [REMOTE_CODE_EXECUTION]: No patterns for remote code execution or unauthorized shell access were found in any of the analyzed files.
Audit Metadata