design-doc-reviewer
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted documentation files from the local repository.
- Ingestion points: The skill reads design documents from the `docs/design/` directory and the vision document from `docs/vision/vision.md` (found in `SKILL.md`).
- Boundary markers: There are no instructions or delimiters defined to isolate the document content from the agent's logic, nor are there warnings to ignore potentially malicious embedded instructions within those files.
- Capability inventory: The skill has the capability to read workspace files and write new files (as specified in the Output section of `SKILL.md`).
- Sanitization: The skill lacks any mechanism for sanitizing, escaping, or validating the text content of the files it evaluates.
Audit Metadata