design-doc-template
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to process untrusted user input and has access to high-privilege tools. 1. Ingestion points: User-provided text for design doc template tasks. 2. Boundary markers: None identified in the skill definition. 3. Capability inventory: High-privilege access to Bash and file system operations via Write and Edit. 4. Sanitization: No evidence of sanitization for incoming content before it influences tool interaction.
- [Command Execution] (MEDIUM): The skill explicitly requests Bash access. While intended for documentation tasks, authorizing this tool for a skill that handles arbitrary user text increases the risk of command injection if the agent is misled by malicious instructions in the input.
Recommendations
- AI detected serious security threats
Audit Metadata