note-it
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill demonstrates an attack surface for indirect prompt injection as it ingests untrusted data from the codebase and requirement documents to generate documentation. 1. Ingestion points: Reads PRD files (e.g., tasks/prd-*.md) and source code during review. 2. Boundary markers: Absent. The skill does not define specific delimiters for the external content. 3. Capability inventory: File system write access to create HTML files in the docs/ directory. 4. Sanitization: Absent. The skill does not explicitly describe sanitization of the content before it is placed in the HTML template.
Audit Metadata