lev-design
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it is designed to ingest and process external, untrusted artifacts like 'idea.md' and 'report.md' to guide its behavior.
  - Ingestion points: Reads and processes user-supplied documentation ('idea.md', 'report.md') and codebase patterns during the framing and research phases (Step 1 and Step 2).
  - Boundary markers: The instructions do not define explicit delimiters or 'ignore' commands to prevent the AI from following malicious instructions potentially embedded in the input text files.
  - Capability inventory: The skill produces structured artifacts (JSON/YAML) and interfaces with other tools in the ecosystem, such as 'lev-builder', which can perform more sensitive actions like code generation.
  - Sanitization: There are no stated validation or sanitization mechanisms to filter or escape content found within the input documents before they are used to influence the agent's logic.