Skills
skills/kojder/photo-map-app/Project Planning for Photo Map MVP/Gen Agent Trust Hub

Project Planning for Photo Map MVP

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHPROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill is designed to ingest untrusted data from project files and translate them into implementable tasks using write-capable tools.
  • Ingestion points: The skill explicitly directs the agent to read files from .ai/, references/, and examples/ directories to verify features and plan implementation.
  • Boundary markers: Absent. There are no instructions to delimit external content or ignore embedded commands within the files being processed.
  • Capability inventory: The skill is granted Read, Write, Edit, Grep, and Glob tools, allowing it to modify the codebase based on planning decisions.
  • Sanitization: Absent. The skill does not provide logic to filter or escape instructions that might be embedded in the markdown documentation it processes.
  • Risk: An attacker who can influence the content of the referenced documentation (e.g., via a Pull Request containing a malicious prd.md) could potentially execute a 'jailbreak' that causes the agent to use its Write or Edit tools to inject malicious code into the Photo Map MVP project.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 09:13 PM