chatter-driven-development
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
PROMPT_INJECTION, NO_CODE
Full Analysis
- [PROMPT_INJECTION] (HIGH): High vulnerability to Indirect Prompt Injection due to the ingestion of untrusted external content combined with high-impact capabilities.
  - Ingestion points: The skill ingests data from Slack, email, meeting transcripts, and Reddit complaints.
  - Boundary markers: Absent; the agent is instructed to parse 'unstructured chatter' without mention of delimiters or instruction filtering.
  - Capability inventory: The agent can proactively draft Pull Requests, answers, and analyses, and is intended to be connected to internal communication channels.
  - Sanitization: Absent; the skill specifically advises against 'deep code review' in favor of 'low-friction' approval, which effectively removes the primary defense against malicious output generated by indirect injection.
- [NO_CODE] (INFO): The skill contains no executable code or scripts, consisting only of markdown documentation. However, the instructions themselves promote insecure architectures.
Recommendations
- AI detected serious security threats
Audit Metadata