gherkin-generator-skill
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill consists entirely of markdown documentation and agent instructions. It does not include any executable scripts, binaries, or references to external packages.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes arbitrary user input (functional requirements) through multiple agent iterations.
- Ingestion points: User-provided functional requirements and business context extracted in
SKILL.mdand utilized as input for both the generator and reviewer agents. - Boundary markers: Absent; the instructions do not specify the use of delimiters or explicit guardrails to prevent instructions embedded within the requirements from influencing agent behavior.
- Capability inventory: The skill has no dangerous capabilities such as subprocess execution, network requests, or direct file system access; it is strictly limited to text generation.
- Sanitization: No validation or filtering is applied to the requirements input before it is processed by the agents.
Audit Metadata