crm-builder

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by design, as it requires the agent to ingest and process data from external sources such as DOMAIN.md or .tasks/domain.md to define the generated application's structure, fields, and behavior.
      • Ingestion points: The skill reads terminology, entity definitions, and pipeline stages from DOMAIN.md and .tasks/domain.md (referenced in the Reference Files section).
      • Boundary markers: There are no instructions for the agent to use delimiters or ignore embedded natural language instructions within the processed data files, which could lead the agent to follow malicious commands hidden in the documentation.
      • Capability inventory: The skill enables the agent to generate React code, configure state management (localStorage), and define Role-Based Access Control (RBAC) logic, all of which are exploitable if the input data is manipulated.
      • Sanitization: The instructions lack any requirement for the agent to validate, sanitize, or escape the content retrieved from the domain files before using it in code generation.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Apr 21, 2026, 07:46 PM