pb-build
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it incorporates content from external repository files into subagent instructions.
- Ingestion points: Content from tasks.md, design.md, feature files, and AGENTS.md is read and interpolated into the implementer_prompt.md and evaluator_prompt.md templates.
- Boundary markers: The prompt templates use placeholder interpolation without explicit delimiters or instructions to ignore potential commands embedded within the data.
- Capability inventory: Subagents are authorized to execute shell commands, run unit tests, use browser automation, and perform network requests (curl/wget) for verification.
- Sanitization: No evidence of sanitization or validation of the ingested natural language content exists before it is passed to the subagents.
Audit Metadata