implementation-planning
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to process external documents such as Product Requirements Documents (PRD) and Solution Design Documents (SDD) to structure tasks. This creates a surface for indirect prompt injection where instructions embedded in these third-party specifications could potentially influence the agent's behavior during plan generation.
- Ingestion points: Reads requirements and design specifications from the .start/specs/ directory.
- Boundary markers: Lacks explicit instructions or delimiters to isolate and ignore potentially malicious commands within the ingested text, although it uses reference markers for traceability.
- Capability inventory: Primarily focuses on writing structured markdown documentation to the local spec directory and coordinating tasks between specialist agents.
- Sanitization: No specific data sanitization or validation routines are defined for the content extracted from external specifications.
Audit Metadata