create-design-brief
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection and path traversal because it interpolates user-controlled variables directly into filesystem paths for output storage.
- Ingestion points: The variables `initiative-name` and `feature-name` are derived from requester input to define the storage location (`initiatives/[initiative-name]/design/`) and filenames.
- Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat requester input as untrusted data or to ignore embedded instructions.
- Capability inventory: The skill possesses file-write capabilities across the local directory structure defined in the `Output` section.
- Sanitization: The instructions do not define any validation, sanitization, or restriction logic to prevent directory traversal characters (e.g., `../`) or to ensure the input conforms to expected naming conventions.
Audit Metadata