acc-create-composite

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill is highly susceptible to indirect prompt injection because it relies on template interpolation for code generation.
    • Ingestion points: Placeholders such as {Name}, {operation}, {returnType}, and {BoundedContext} are intended to be filled with user-provided data from potentially untrusted sources.
    • Boundary markers: No boundary markers or clear instructions tell the agent to treat these inputs as untrusted data or to ignore instructions embedded within the user input.
    • Capability inventory: The skill instructions guide the agent to perform file-writing operations across the project structure (src/Domain/, tests/Unit/).
    • Sanitization: No sanitization or validation logic ensures that user inputs do not contain malicious code, path traversal sequences, or characters that could break the PHP syntax to inject arbitrary commands.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 09:21 AM