design-readiness-check

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE
Finding category: PROMPT_INJECTION

Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. It ingests untrusted data from the user (design trees) and interpolates it directly into the prompts of multiple sub-agents (branch-checker, assumption-checker, failure-checker, risk-checker).
  • Ingestion points: Untrusted data enters the agent context through the {{DESIGN_TREE}} and {{CONTEXT}} placeholders in the sub-agent templates located in the agents/ directory.
  • Boundary markers: Absent. The templates do not use delimiters (e.g., XML tags or triple backticks with clear warnings) to separate the untrusted user content from the sub-agent's instructions, making it easier for malicious data to override agent behavior.
  • Capability inventory: The sub-agents are configured with file-system access tools (Read, Grep, Glob), which could be abused if an injection attack successfully tricks the agent into reading sensitive files outside the design scope.
  • Sanitization: There is no evidence of input validation, escaping, or filtering of the content within the {{DESIGN_TREE}} variable before it is passed to the sub-agents.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 2, 2026, 04:26 PM