brief-to-tasks
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from design brief files to structure its output. Malicious instructions placed within these files could potentially manipulate the generated task list or influence the agent's logic.
- Ingestion points: Reads content from files matching .design/*/DESIGN_BRIEF.md and INFORMATION_ARCHITECTURE.md.
- Boundary markers: The skill does not define specific delimiters or instructions to ignore embedded commands within the ingested files.
- Capability inventory: The skill is capable of reading project files, scanning directories for component names, and writing to the file system (TASKS.md).
- Sanitization: No explicit sanitization or content validation is performed on the data retrieved from the design files.
Audit Metadata