agent-prompts
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: LOW
NO_CODE
PROMPT_INJECTION
Full Analysis
- [No Code] (SAFE): The skill is composed entirely of Markdown instructions and JSON Schema definitions. No scripts (.py, .js, .sh), binary files, or command execution patterns were found inside the skill files.
- [Indirect Prompt Injection] (LOW): The skill identifies a surface for indirect prompt injection as it processes untrusted external documentation (PRDs and SDDs) to generate task prompts for downstream coding agents.
  - Ingestion points: Reads requirements and sections from external PRD and SDD documents.
  - Boundary markers: None explicitly defined in the templates to separate untrusted document content from agent instructions.
  - Capability inventory: The generated output (TASKS.json) includes a `testing` field intended for shell command execution and a `prompt` field containing instructions for coding agents with file-write capabilities.
  - Sanitization: No sanitization or validation of input document content is described in the prompt templates.
  - Risk: While the skill itself is passive, malicious instructions embedded in source documents could be propagated to high-privilege downstream agents.
Audit Metadata