prd
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection through user-provided feature descriptions. Ingestion point: User input for feature descriptions in Step 1. Boundary markers: None present. Capability inventory: Local file write (markdown) to the tasks/ directory. Sanitization: No sanitization or validation of input content is performed.
- [DATA_EXFILTRATION] (SAFE): No evidence of sensitive data access, hardcoded credentials, or network exfiltration to non-whitelisted domains.
- [COMMAND_EXECUTION] (SAFE): The skill does not invoke shell commands, subprocesses, or dynamic code execution modules.
Audit Metadata