swing-mortem
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) because its core functionality relies on processing untrusted external data such as project plans, source code, and architecture documents.
- Ingestion points: Phase 1 instructions require the agent to 'read relevant files', 'examine timelines and dependencies', and 'review the rationale' within the project environment.
- Boundary markers: The instructions lack delimiters or specific warnings for the agent to ignore potential instructions embedded within the files being analyzed.
- Capability inventory: The skill utilizes the 'Read', 'Grep', 'Bash', and 'Agent' tools.
- Sanitization: No sanitization or validation procedures for ingested content are specified. Remediation: Wrap external content in clear delimiters with an explicit warning to ignore any embedded instructions.
Audit Metadata