projects
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it ingests and processes untrusted data from various external sources to generate project artifacts.
  - Ingestion points: The skill processes user-supplied descriptions, Google Doc content, and findings from web searches and codebase analysis in Phase 1.
  - Boundary markers: The skill has no instructions to wrap external content in delimiters (such as XML tags) or to ignore instructions embedded in that content when interpolating it into prompts or artifacts.
  - Capability inventory: The agent can write to the local filesystem (creating PROJECT.md and evidence files) and spawn subagents via the Agent tool.
  - Sanitization: There is no requirement to validate or sanitize data retrieved from external sources before it is used to influence agent logic.
Audit Metadata