skills/reddb-io/red-skills/start/Gen Agent Trust Hub

start

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill operates entirely within the local development environment, focusing on project documentation (ADRs and context glossaries). It does not access sensitive credentials, perform network requests, or execute arbitrary shell commands.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface because it is instructed to explore the codebase and existing documentation to answer user questions.
      • Ingestion points: The agent reads from .red/CONTEXT.md, ADR files, and general project source code (e.g., src/).
      • Boundary markers: The skill gives the agent no explicit instructions to ignore or delimit instructions found within the files it reads.
      • Capability inventory: The skill allows the agent to read project files and write/update documentation files within the .red/ directory.
      • Sanitization: The skill does not implement validation or sanitization for the content it reads from the repository.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 16, 2026, 05:33 PM