design-decision-audit

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE
Category: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it is designed to ingest and process untrusted data from design documents.
  • Ingestion points: Untrusted data enters the agent context in SKILL.md during Phase A (Context Preparation) and is subsequently passed to sub-agents in Phase B.
  • Boundary markers: The agents/module-auditor.md template uses a markdown header ## Design Document to delimit the content, but lacks explicit instructions to the model to ignore any embedded commands or formatting instructions within that content.
  • Capability inventory: The sub-agents defined in agents/module-auditor.md have access to the Read, Grep, and Glob tools, which could be abused if an attacker-controlled design document successfully influences the agent's behavior.
  • Sanitization: There is no evidence of input sanitization, escaping, or validation of the design document content before it is interpolated into the prompt templates using the {{DESIGN_DOC}} placeholder.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 2, 2026, 04:26 PM