design-thinking
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface. The skill facilitates the ingestion and synthesis of untrusted data from external sources using the 'Read' and 'Grep' tools. An adversary could potentially include malicious instructions within user research documents to influence the agent's behavior. 1. Ingestion points: External files containing research and feedback accessed via 'Read' and 'Grep' tools. 2. Boundary markers: The skill does not define delimiters or specific 'ignore embedded instructions' warnings for external content. 3. Capability inventory: The skill utilizes the 'Write' tool, allowing for local file modification based on the processed inputs, and 'AskUserQuestion'. 4. Sanitization: There are no defined mechanisms for sanitizing or validating the external content prior to processing.
- [NO_CODE] (SAFE): No executable code, scripts, binaries, or automated runtime patterns were detected in the skill files. The skill consists entirely of instructional Markdown.
Audit Metadata