design
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill fetches content from the web via search tools (Perplexity and Exa) and incorporates this untrusted data into generated implementation plans. This creates a risk where malicious instructions on a researched website could influence the plan's code or instructions.
- Ingestion points: External research results retrieved via mcp__perplexity__perplexity_research and mcp__exa__web_search_exa (referenced in references/research-phase.md).
- Boundary markers: There are no specific delimiters or instructions provided to isolate or ignore potentially malicious content within the researched web data.
- Capability inventory: The skill performs extensive local codebase analysis using the serena toolset, writes implementation plans to the local file system, and dispatches sub-agents for specialized reviews using the Agent() tool.
- Sanitization: No explicit sanitization or validation of external content is performed during the research synthesis or plan drafting phases.
Audit Metadata