my-dev-team
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill directly interpolates the {feature_description} variable into the PM agent's prompt. This allows a user to supply instructions that override the agent's system prompt (direct prompt injection).
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface across its multi-agent pipeline.
  - Ingestion points: Untrusted user input enters through the feature_description variable in the PM agent and is passed on to the Architect, Developer, and Reviewer agents via generated markdown files (docs/PRD.md, docs/ARCH.md).
  - Boundary markers: No explicit delimiters or instructions are given to the agents to distinguish system instructions from user-provided data.
  - Capability inventory: The pipeline can read, write, and modify arbitrary code files in the local filesystem.
  - Sanitization: Validation is limited to keyword checks (e.g., checking for 'Background' or 'Component') and does not sanitize the content itself.
- [COMMAND_EXECUTION]: The Developer agent is explicitly tasked with generating 'actually executable code' from instructions that originate in untrusted user input. This facilitates the creation of potentially malicious scripts or backdoors within the generated project structure.
Audit Metadata