enhance-prompt
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Detected surface for Indirect Prompt Injection (Category 8) when processing user inputs and project-specific design files.
- Ingestion points: The skill ingests untrusted data from user-provided prompts and the content of
DESIGN.mdvia theReadtool. - Boundary markers: Absent. The skill interpolates external data directly into the enhanced prompt without using delimiters or 'ignore' instructions.
- Capability inventory: The skill possesses
ReadandWritetool permissions, allowing it to modify project files based on processed input. - Sanitization: No logic exists to sanitize or escape malicious instructions embedded within the user input or design files before they are processed by the agent.
- [EXTERNAL_DOWNLOADS] (SAFE): References official Stitch documentation from a trusted Google domain (withgoogle.com). Installation instructions use a verified Google-Labs repository.
- [DATA_EXFILTRATION] (SAFE): No evidence of hardcoded credentials, unauthorized network calls, or access to sensitive system paths (e.g., SSH keys, AWS config).
- [COMMAND_EXECUTION] (SAFE): The skill does not contain any patterns for arbitrary command execution, shell spawning, or dynamic code evaluation.
Audit Metadata