design-document
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection as it is designed to ingest untrusted external data to inform its outputs.
- Ingestion points: According to
SKILL.md, the agent reads discovery documents, needs analysis, and design briefs provided by the user. - Boundary markers: The skill lacks explicit delimiters or instructions to ignore potential commands within the ingested data.
- Capability inventory: The skill is configured with
Read,Write,Edit,Grep, andGlobtools, which allows for filesystem operations that could be targeted by injected content. - Sanitization: There is no evidence of sanitization or content validation for the external documents processed by the skill.
Audit Metadata