project-idea-editor
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill structure identifies an indirect prompt injection surface (Category 8) due to the way it handles external documentation.
- Ingestion points: The agent is instructed to read the file
DEMO/GameDesignDocument.mdand user-provided feature descriptions, treating them as the source of truth for its planning and code generation tasks. - Boundary markers: There are no defined delimiters or specific instructions to disregard potentially malicious commands embedded within these design documents or user descriptions.
- Capability inventory: The skill has the permission to perform file writes (to documents and source code) and execute shell commands through the project's build tools.
- Sanitization: No sanitization or filtering logic is present to validate that content from the Game Design Document does not contain override instructions for the agent's behavior.
- [COMMAND_EXECUTION]: The skill is configured to execute shell commands as part of its validation and implementation workflow.
- Evidence: The
validate_resultcommand inSKILL.mdand the validation framework inreferences/validation.mduse shell execution for tasks such asnpm run lint,npm test,./gradlew compileKotlin, and./gradlew test. While these are standard build and test operations, they constitute a powerful capability when combined with the agent's ability to modify source code.
Audit Metadata