copilot-instructions-blueprint-generator
Fail
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: CRITICAL
Full Analysis
- [SAFE]: The skill serves as a template generator for creating markdown documentation. It contains no executable scripts, binary files, or network-active components.
- [PROMPT_INJECTION]: While the skill does not contain direct prompt injection, it generates instructions that tell an AI to scan and follow patterns in a codebase. This creates a surface for Indirect Prompt Injection, where malicious code or comments in the analyzed repository could potentially influence the behavior of the AI using the generated instructions.
- Ingestion points: The generated prompt instructs an agent to read the entire codebase (e.g., project files, configuration, existing code).
- Boundary markers: The template does not include specific boundary markers or sanitization requirements for the code it scans.
- Capability inventory: No capabilities (subprocess, network, file-write) are present in the skill itself.
- Sanitization: None present; the instructions rely on the agent's internal safety filters.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata