test-spec
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection due to its core function of processing external data.
  - Ingestion points: The workflow in Phase 0 and Phase B requires the agent to read project-specific documentation (e.g., docs/business-features/) and source code components (e.g., Entities/, UseCaseCommands/, UseCaseQueries/).
  - Boundary markers: There are no explicit instructions or delimiters provided to ensure the agent ignores or sanitizes instructions that might be maliciously embedded within the analyzed source code or documentation.
  - Capability inventory: The skill uses powerful tools including Bash, Write, Edit, and TaskCreate, which could be abused if an indirect injection were successful.
  - Sanitization: No sanitization or validation logic is defined for the content extracted from the files.
- [COMMAND_EXECUTION]: The skill is authorized to use the Bash tool. It specifically instructs the use of grep and glob to search through directory structures (e.g., searching for entities, commands, and queries) during the codebase investigation phase.
Audit Metadata