prompt-driven-development
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes content from untrusted sources such as URLs and local files to generate its planning artifacts.\n
- Ingestion points: The 'rough_idea' parameter in SKILL.md accepts direct text, local file paths, and URLs.\n
- Boundary markers: The workflow does not specify the use of delimiters or 'ignore' instructions when processing external content.\n
- Capability inventory: The skill performs directory creation and file writing operations on the local file system.\n
- Sanitization: There is no logic provided to sanitize, escape, or validate the content of the ingested idea or research data before it is processed by the agent.- [NO_CODE]: The skill consists entirely of Markdown instructions and templates without accompanying executable scripts or binaries.
Audit Metadata