document

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFE
Finding category: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from external files to generate documentation and determine control flow.
  • Ingestion points: The agent reads implementation details and test results from docs/task/{ID}-{task-name}.md and docs/testing/{ID}-{task-name}.md respectively.
  • Boundary markers: No explicit delimiters or instructions are provided to the model telling it to treat the contents of these source files as untrusted data, or to ignore any instructions embedded in them.
  • Capability inventory: The skill has the capability to write to and modify critical project files (including CLAUDE.md, LEARNINGS.md, and TASKS.md), and it can invoke the Task tool to spawn a /ship sub-agent with the haiku model.
  • Sanitization: The skill lacks any sanitization, validation, or escaping mechanisms for the content read from markdown files before it is used to update the codebase or passed as arguments to other tools.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 26, 2026, 06:02 AM
Security Audit — agent-trust-hub — document