bkit-rules
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE, PROMPT_INJECTION, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill defines a document-driven workflow that requires the agent to read external files (e.g., .plan.md and .design.md), creating a surface for indirect prompt injection.
  * Ingestion points: Documentation files located in 'docs/01-plan/features/' and 'docs/02-design/features/'.
  * Boundary markers: The skill does not define delimiters or instructions to ignore directives within these files.
  * Capability inventory: Uses MCP tools for file state management, task classification, and status reporting.
  * Sanitization: There is no requirement for content validation or sanitization of the external data.
- [NO_CODE]: The skill consists solely of Markdown and YAML configuration files; no executable Python, Node.js, or shell scripts are included.
- [SAFE]: The skill explicitly promotes security best practices, including adherence to the OWASP Top 10 and guidelines to avoid committing credentials in .env files.