research-first-development
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The methodology relies on a 'Research Sprint' phase that ingests external, untrusted sources which could contain malicious instructions.
  - Ingestion points: Phase 0 (Research Sprint) involves reading external academic papers, competitive analysis, and industry research (SKILL.md).
  - Boundary markers: The skill does not explicitly provide delimiters or 'ignore' instructions for the research content.
  - Capability inventory: The methodology establishes agents (Builder/Validator) intended to perform software implementation tasks and file generation (skills, instructions, agents) (SKILL.md).
  - Sanitization: No sanitization or validation process for research data is mentioned.
  - Mitigations:
    1. Wrap external research content in delimiters with explicit 'ignore embedded instructions' warnings.
    2. Sanitize and validate external content before interpolating into prompts or encoding into skills.
    3. Add human review checkpoints before an agent aggregates many research inputs into a plan.
Audit Metadata