plan
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill demonstrates a high-risk attack surface by ingesting untrusted user requirements and having the capability to write to the filesystem.
- Ingestion points: The skill is triggered by user requests to analyze requirements and features as defined in
SKILL.md. - Boundary markers: Absent. There are no delimiters (e.g., XML tags or triple quotes) used to isolate user input from the agent's internal instructions.
- Capability inventory: The skill is explicitly designed to write several markdown files (
plan.md,rationale.md,TaskList.md,README.md) to the./docs/directory structure at runtime. - Sanitization: Absent. The prompt contains no instructions to sanitize, escape, or ignore embedded instructions within the user-provided data, allowing a malicious user to potentially steer the agent's file-writing behavior or inject malicious tasks into the generated
TaskList.md.
Recommendations
- AI detected serious security threats
Audit Metadata