evidence-driven
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE (PROMPT_INJECTION, NO_CODE)
Full Analysis
- [PROMPT_INJECTION]: The skill instructs the agent to ingest and act upon data from local project files such as DESIGN.md and blueprints, which creates an indirect prompt injection surface.
  - Ingestion points: Blueprint files, DESIGN.md, and task descriptions.
  - Boundary markers: Absent; the instructions do not define delimiters to separate untrusted content from the system prompt.
  - Capability inventory: The agent is authorized to perform file system writes and execute shell commands (specifically for running test suites).
  - Sanitization: No mechanisms for sanitizing or validating the content of ingested files are specified.
- [NO_CODE]: The skill consists exclusively of markdown-based methodology guides and instructions. It does not include executable scripts, binaries, or configuration files that run code independently.