design-spec
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its processing of untrusted data.
- Ingestion points: Processes external data from PBI/story text, Figma URLs, and images (SKILL.md, Workflow section).
- Boundary markers: No delimiters or specific instructions are provided to the agent to distinguish user-provided content from the skill's instructions.
- Capability inventory: The skill has access to powerful tools including Bash, Write, and Edit (SKILL.md, allowed-tools configuration).
- Sanitization: There is no evidence of sanitization or validation of the requirements text before it is analyzed by the agent.
Audit Metadata