go-backend-technical-design
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill employs a Bash command for automated file discovery that uses unquoted subshell expansion ($(find ...)). While intended for locating requirement documents, this pattern can lead to unexpected behavior if filenames contain spaces or leading hyphens.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the requirement documents it ingests.\n
- Ingestion points: Automated discovery and reading of Markdown files based on naming patterns (requirement.md, 需求.md).\n
- Boundary markers: Prompt templates do not include delimiters or specific instructions to ignore potential commands embedded within the document content.\n
- Capability inventory: Access to Bash, Read, Glob, and Grep tools for file processing and information retrieval.\n
- Sanitization: Content from requirement files is interpolated into the design process without prior validation or sanitization.
Audit Metadata