skill-pipeline
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The orchestrator logic identifies a surface for indirect prompt injection by processing external data from task descriptions and project files to guide its classification and routing decisions.
- Ingestion points: The skill reads user task descriptions, plan files in 'docs/plans/', and handoff files in '.context-surfing/'.
- Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions for the agent when processing these external files.
- Capability inventory: The skill is limited to high-level task classification and dispatching to other specialized skills.
- Sanitization: No explicit sanitization or validation of the ingested content is described in the orchestration flow.
- [SAFE]: The skill includes defensive design patterns by defining audit phases (such as 'harden-auditor') specifically tasked with identifying security risks like secrets exposure, authorization flaws, and injection vectors in the codebase.
Audit Metadata