ln-001-standards-researcher
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
PROMPT_INJECTION
COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests untrusted data from user-provided inputs like `epic_description` and `story_domain`. In Phases 2 and 3, these inputs are interpolated directly into search queries for external MCP tools without sanitization or the use of boundary markers. This creates an indirect prompt injection surface where malicious instructions embedded in an epic description could attempt to manipulate the tool's behavior or findings.
- [COMMAND_EXECUTION]: The skill performs automated file system operations, including using the `Glob` tool to discover project stack indicators and existing guide files. It also programmatically creates directories and writes research results to the `docs/research/` path. While these actions align with the skill's purpose, they involve direct interaction with the host file system.
Audit Metadata