feature-workflow
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill exhibits a high-risk surface for Indirect Prompt Injection (Category 8) by combining untrusted data ingestion with high-privilege repository write capabilities.
- Ingestion points: Untrusted data enters the agent context during the 'Discovery' phase (user descriptions) and the 'Analysis' phase (codebase exploration).
- Boundary markers: There are no defined delimiters or instructions to ignore embedded commands within the processed data, increasing the likelihood of the agent obeying malicious instructions hidden in code or documentation.
- Capability inventory: The skill's stated purpose includes 'implementation', 'managing PRs', and 'archival' workflows, granting it the power to commit code and alter the repository structure.
- Sanitization: No evidence of input validation, escaping, or sanitization of external content is present in the workflow definition.
Recommendations
- AI detected serious security threats
Audit Metadata