skills/tobihagemann/turbo/onboard/Gen Agent Trust Hub

onboard

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and reframes untrusted external data from project documentation and issue trackers.
    • Ingestion points: The skill reads several files including README.md, CONTRIBUTING.md, and GitHub issues (via the gh CLI) to gather setup and troubleshooting information.
    • Boundary markers: No explicit delimiters or instructions are provided to the agents to treat the ingested project content as untrusted data or to ignore potential instructions embedded within those files.
    • Capability inventory: The skill orchestrates multiple sub-agents, executes other analysis skills, reads and writes files within the project's .turbo/ directory, and executes shell commands for GitHub interactions.
    • Sanitization: There is no evidence of sanitization, escaping, or schema validation for the data extracted from the project files and issues before it is used to generate the final onboarding reports.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 05:23 PM