watchos
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The mandatory workflow involves ingesting data from external search results, creating a potential attack surface.
- Ingestion points: The workflow uses search tools like Exa via the research-expert agent to find documentation in the SKILL.md file.
- Boundary markers: The instructions do not specify the use of delimiters or warnings to ignore instructions within the retrieved documentation.
- Capability inventory: The skill uses TeamCreate to spawn agents that perform codebase analysis and implementation tasks as described in the agent workflow section.
- Sanitization: No sanitization or verification steps for the external search data are defined before implementation begins.
Audit Metadata