onboard
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands like `mkdir` to create local handoff directories and `find` to explore the project structure. These commands are used for legitimate project discovery and organization within the user's project directory.
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it reads and summarizes external project files (e.g., `package.json`, `requirements.txt`, and source code) to generate summaries and reports. While this is an inherent property of project analysis tools, the skill's capabilities are limited to local context management.
  - Ingestion points: Reads dependency manifests and source files from the project directory.
  - Boundary markers: No specific delimiters or safety warnings are implemented to isolate untrusted content from agent instructions.
  - Capability inventory: The skill can explore the filesystem and write handoff documentation to disk.
  - Sanitization: The skill does not perform validation or sanitization on the contents of the files it analyzes.
Audit Metadata