gsp-project-design
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill demonstrates a surface for indirect prompt injection through its data ingestion and agent spawning process.
- Ingestion points: The skill reads external content from `{PROJECT_PATH}/BRIEF.md`, various research files in `{PROJECT_PATH}/research/`, and custom files (including URLs) in `{PROJECT_PATH}/references/` as described in Step 1 and Step 3.
- Boundary markers: Content is 'inlined' into the designer agent's prompt without the use of delimiters, escaping, or explicit instructions to ignore embedded directives; the instructions state 'the agent should not need to read any input files' because they are fully inlined.
- Capability inventory: The skill possesses powerful capabilities including filesystem modification (`Write`), shell access (`Bash`), and the ability to spawn sub-agents (`Agent`), which increases the potential impact of an injection attack.
- Sanitization: No evidence of validation, sanitization, or filtering of the ingested external data is present before it is interpolated into the agent prompt.
Audit Metadata