agile-doc-creator
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to process untrusted external data (planning memos, RFPs, and source code) to generate Agile artifacts, creating a surface for indirect prompt injection where malicious instructions in the input could influence the agent's behavior.
  - Ingestion points: Step 1 in SKILL.md identifies multiple points where untrusted data enters the context, including source code paths, verbal input, and external files (.md, .txt, .pdf).
  - Boundary markers: The instructions lack specific requirements for using delimiters or boundary markers to isolate untrusted input from the agent's core instructions, which may lead to the agent inadvertently following instructions embedded within processed files.
  - Capability inventory: The skill has permissions to read and write files within the workspace and can invoke external skills like /pdf-parser.
  - Sanitization: No input sanitization or validation mechanisms are described to mitigate or filter out potentially malicious command-like strings within the processed documents.