create-meta-prompts

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION] (HIGH): High-risk Indirect Prompt Injection surface. The skill defines a pipeline where untrusted data from the internet is intended to influence planning and execution logic.
  • Ingestion points: references/research-patterns.md and references/intelligence-rules.md explicitly define patterns for ingesting untrusted data via web_search and web_fetch tools.
  • Boundary markers: The skill employs extensive XML-based delimiting (e.g., <context>, <findings>, <research_scope>) which reduces accidental obedience but does not fully mitigate adversarial pressure.
  • Capability inventory: references/do-patterns.md contains templates that grant the agent the capability to create/modify files and execute shell commands (e.g., npm test, npx tsc, npx @redocly/cli).
  • Sanitization: No explicit sanitization or filtering of external content is defined within the templates.
  • [COMMAND_EXECUTION] (LOW): The skill templates promote the execution of subprocesses for verification. While these are standard development tools (npm, npx, tsc), they represent the 'execute' half of the dangerous read-then-execute pattern when paired with the research capabilities.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 12:32 PM