Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill has a significant vulnerability surface where it ingests untrusted data that influences high-privilege actions.
    • Ingestion points: Reads .md requirement documents from the dev/ directory (e.g., Stage 1).
    • Boundary markers: None. The agent extracts instructions directly from the document body without isolation.
    • Capability inventory: The skill can read any project code (Stage 1/2), write files (.claude/plan/ in Stage 3), and execute code modifications on the project (Stage 5).
    • Sanitization: There is no validation or filtering of the content within the requirement documents.
  • Command Execution (HIGH): In Stage 5, the agent 'executes' the plan derived from the external requirement document. In an adversarial scenario, this allows an external input to dictate arbitrary changes to the application source code.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 01:36 PM