charted-red
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is designed to ingest untrusted external data and perform file modifications, creating a significant attack surface.
- Ingestion points: The skill reads content from paths provided in
$ARGUMENTS[0](designDocPath) and$ARGUMENTS[1](testFilePath). - Boundary markers: Absent. There are no delimiters or instructions to the agent to disregard potential instructions embedded within the design documents or test files.
- Capability inventory: The skill's core purpose is to modify the file at
testFilePathby implementing code bodies. - Sanitization: Absent. The content from the external files is interpolated directly into the agent's task context without filtering or validation.
Recommendations
- AI detected serious security threats
Audit Metadata