document
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its core workflow involves reading and analyzing arbitrary project files. Ingestion points: Target files and directories specified in the $ARGUMENTS variable. Boundary markers: No explicit delimiters are used to isolate untrusted file content from the agent's instructions. Capability inventory: The skill has the ability to read and write files, execute shell commands, and delegate tasks to other agents. Sanitization: No sanitization of the analyzed file content is mentioned before processing.
- [COMMAND_EXECUTION]: The skill's reference materials in
reference/knowledge-capture.mdinclude instructions for using shell commands such asfindandgrepto perform project-wide searches and deduplication. This represents a risk if the target paths provided in arguments are maliciously crafted. - [DATA_EXFILTRATION]: The skill's analysis process covers sensitive areas of a codebase, including external interfaces and authentication setups. The templates in
templates/interface-template.mdexplicitly prompt for documenting environment variables and authentication methods, which could lead to the exposure of sensitive architectural or credential-related information.
Audit Metadata