project-switch
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection surface. The skill instructions direct the agent to load and parse an external `project.md` file to establish a session context, which can influence the behavior of subsequent operations.
  - Ingestion points: The agent reads project-specific metadata from `~/.config/finance-skills/projects/{project-code}/project.md` (referenced in SKILL.md).
  - Boundary markers: There are no instructions defining delimiters or explicit 'ignore embedded instructions' warnings for the data read from the project files.
  - Capability inventory: The resulting `current_project` context variable controls the output paths and operational scope for several other tools and skills, including `/internal-audit:control-testing` and `/month-end-close:*` (as listed in the '协作' section).
  - Sanitization: While the skill mentions YAML frontmatter parsing, it does not specify any validation or sanitization for the values retrieved from the external file before they are injected into the session context.