refine-approach
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill operates entirely on local project documents within defined directories (docs/brainstorm/, docs/plan/). No external network requests, sensitive credential access, or unauthorized persistence mechanisms were identified.
- [PROMPT_INJECTION]: The skill processes content from user-provided documents, which introduces an indirect prompt injection surface.
  - Ingestion points: Document paths read in SKILL.md Steps 1 and 2.
  - Boundary markers: No specific delimiters or instructions are used to isolate the document content from the agent's task logic.
  - Capability inventory: The skill can update documents inline (Step 5) and initiate downstream agent tasks like /plan or /build (Step 6).
  - Sanitization: No sanitization or escaping is performed on the ingested document content.