backend-development-feature-development
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): Indirect prompt injection vulnerability detected in the orchestration logic within
sub-skills/deployment-strategy.md. - Ingestion points: The
$ARGUMENTSvariable, derived from user-provided input insub-skills/required-parameters.md(specifically--feature), is interpolated directly into prompts for twelve different sub-agent types. - Boundary markers: Absent. The skill does not use delimiters (like triple quotes) or explicit instructions to sub-agents to ignore instructions embedded within the user-provided feature description.
- Capability inventory: The sub-agents triggered have high-impact capabilities, including backend code implementation, data pipeline construction, and CI/CD pipeline creation (
deployment-engineer). - Sanitization: No sanitization or validation of the
$ARGUMENTSstring is performed before it is passed to the sub-agent tools, allowing a malicious user to potentially override the sub-agent's intended task.
Audit Metadata