charted-design
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes untrusted user data and writes it to the local filesystem, creating an attack surface for indirect prompt injection.
- Ingestion points: User responses to interview prompts for various sections (e.g., Goals, Design, PR Plan) as defined in
SKILL.md. - Boundary markers: Absent; the skill uses direct interpolation of responses into placeholders (e.g.,
{goals},{desired_behavior}) without delimiters or escaping. - Capability inventory: The skill requires the ability to read directory contents (to determine file sequencing) and write markdown files to the
design-docs/directory. - Sanitization: Absent; the skill does not specify any validation or sanitization for the content provided by the user.
- Risk: Maliciously crafted input could inject unauthorized markdown or instructions into project documentation, although no direct code execution or exfiltration is triggered.
Audit Metadata