Skills
skills/sanxzy/skills/generate-tech-debt/Gen Agent Trust Hub

generate-tech-debt

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill performs local file management for documentation purposes. Its actions are constrained to a specific file path (/TECH_DEBT.md) and it requires explicit user approval (Step 4) via the AskUserQuestion tool before any modifications are made.
  • [INDIRECT_PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests untrusted user input and output from an external skill dependency.
  • Ingestion points: User freeform instructions and the FINAL.md file produced by the /lets-quick-discussion skill.
  • Boundary markers: No specific delimiters or safety instructions are defined for the ingested data.
  • Capability inventory: The skill has the ability to read project files and write to the file system using the Edit tool.
  • Sanitization: User input and external data are incorporated into the tech debt log verbatim; however, the mandatory user confirmation step and the documentation-focused nature of the file reduce the overall risk.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 12:04 AM
Security Audit — agent-trust-hub — generate-tech-debt