requirements-gathering

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICAL
PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill establishes an ingestion point for untrusted data that is later interpreted as project requirements.
    • Ingestion points: User responses collected through the AskUserQuestion prompts defined in SKILL.md.
    • Boundary markers: The generated REQUIREMENTS.md template lacks clear delimiters (like XML tags or block markers) or system instructions to distinguish user-provided content from structural requirements.
    • Capability inventory: The skill workflow includes writing to the local filesystem (REQUIREMENTS.md) and transitioning to 'EnterPlanMode', which typically involves the agent reading and acting upon the file content.
    • Sanitization: There is no evidence of input validation, escaping, or filtering for malicious instructions within the user's answers.
Recommendations
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 17, 2026, 09:23 PM