speckit-constitution

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
  • [PROMPT_INJECTION] (HIGH): This skill creates an indirect prompt injection surface through its core workflow. Ingestion points: Untrusted data enters the agent context from user-provided principles and amendments, as well as existing repository files (README, documentation). Boundary markers: No delimiters or isolation instructions are defined to separate user input from system logic. Capability inventory: The skill possesses extensive write capabilities across the repository, specifically targeting instruction-bearing files like `.claude/commands/*.md`, `.github/prompts/*.prompt.md`, and `skills/*/SKILL.md`. Sanitization: No escaping or validation is performed on the untrusted content before it is interpolated into these files. This allows an attacker to inject persistent malicious instructions that propagate to all other agents in the system context.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 01:41 AM