backend-dev
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill workflow presents a surface for indirect prompt injection by aggregating user-supplied requirements and research data into its code generation processes.
- Ingestion points: User-provided business requirements and outputs from the 'Deep Research Agent' (SKILL.md).
- Boundary markers: The skill does not define clear delimiters or instructions to ignore instructions embedded within the requirements or research data during the implementation phase.
- Capability inventory: The skill possesses capabilities for complex project scaffolding, API implementation, and automated testing via '/sc:implement' and 'Playwright MCP' (SKILL.md).
- Sanitization: No explicit sanitization or validation steps are provided for external research data before it is used to influence architectural designs or code implementation.
Audit Metadata