marshal
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes content from the local codebase, git history, and external documentation which acts as an untrusted input vector for indirect prompt injection.
- Ingestion points: The skill reads CLAUDE.md, codebase files, and search results to gather context for planning and execution (Phase 1, Phase 2, and Phase 3).
- Boundary markers: There are no instructions to the agent to treat external content as data only or to ignore instructions embedded within the files being analyzed.
- Capability inventory: The orchestrator has the ability to execute other skills, modify files (Phase 3 "perform the action"), and summarize findings in reports.
- Sanitization: The skill does not implement any validation or sanitization for the content ingested from the codebase.
Audit Metadata