lifecycle-sequence-generator
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill documentation (SKILL.md) describes the ingestion of external app store review data from JSON files located at /work/neobank-skills/app-store-intelligence/output/. This constitutes an indirect prompt injection surface. Ingestion points: JSON review files in the neobank-skills directory; Boundary markers: Absent; the script performs simple token replacement without sanitizing ingested data; Capability inventory: The script scripts/generate_sequence.py can write to any local file path provided via the --output flag; Sanitization: Absent.
- [COMMAND_EXECUTION]: The generate_sequence.py script permits arbitrary file writes. Using the --output parameter, the script can be instructed to create directories and write content to any location on the file system reachable by the execution environment, which could lead to the overwriting of sensitive configuration or system files.
Audit Metadata