blueprint-discovery
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes `bash` to run `ast-grep`, a tool for structural code searching, to analyze repository architecture and conventions. This is standard functionality for a development-focused agent.
- [COMMAND_EXECUTION]: The instructions include examples of `curl` commands (e.g., `curl -X POST /login`) provided to the agent as suggested methods for verifying that defined acceptance criteria are met.
- [PROMPT_INJECTION]: The skill ingests untrusted user input via the `feature_description` field to drive classification and discovery logic, creating a surface for indirect prompt injection.
  - Ingestion points: The `feature_description` variable defined in the Input YAML block.
  - Boundary markers: The skill does not explicitly define delimiters or instructions to ignore embedded commands within the user input.
  - Capability inventory: The agent has access to shell execution (`bash`), file reading (ARCHITECTURE.md, etc.), and the ability to trigger other vendor skills (majestic-devops:devops-plan).
  - Sanitization: No specific validation or sanitization of the user-provided text is performed before it is used for logic branching.
Audit Metadata