skills/aws-samples/review-and-assessment-powered-by-intelligent-documentation/plan-backend-frontend/Gen Agent Trust Hub
plan-backend-frontend
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Instructs the agent to perform local environment discovery using `ls -la` on backend and frontend feature directories to analyze existing implementation details.
- [COMMAND_EXECUTION]: Directs the agent to manage local development services and databases using `npm run dev`, `docker-compose`, and `npm run prisma:migrate`.
- [COMMAND_EXECUTION]: Provides instructions for verifying API endpoints using `curl` against `http://localhost:3000`, including bypassing authentication for local development using the `RAPID_LOCAL_DEV=true` environment variable.
- [PROMPT_INJECTION]: Detected an Indirect Prompt Injection surface where malicious instructions in processed files could influence agent behavior.
  - Ingestion points: Analyzes directory structures (`ls -la`) and file content within `backend/src/api/features/` and `frontend/src/features/` to create implementation plans.
  - Boundary markers: Uses specific plan templates but lacks explicit instructions or delimiters to ignore embedded natural language commands found in the source code files.
  - Capability inventory: The agent can execute shell commands (`npm`, `docker-compose`, `curl`), perform file system operations, and generate code/plans based on analyzed content.
  - Sanitization: No validation or sanitization of the content read from existing project files is performed before inclusion in the reasoning process.
  - Mitigation: Includes a mandatory human checkpoint ("STOP and wait for 'Go' or 'Proceed' from user") before the agent moves from planning to code implementation.
- [EXTERNAL_DOWNLOADS]: References standard package management workflows via `npm` for installing dependencies and running development scripts.
Audit Metadata