design-feature
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's logic is focused on document generation and structured interviewing. It does not contain any malicious code, obfuscated instructions, or attempts to bypass security controls.
- [DATA_EXPOSURE]: The skill instructions direct the agent to explore the codebase and read requirement documents (PRDs, scope docs, glossaries) located in the
./plans/directory. This access is necessary for the intended purpose of technical design and does not involve data exfiltration or access to sensitive credentials like SSH keys or environment secrets. - [PROMPT_INJECTION]: There is a potential surface for indirect prompt injection because the skill ingests content from external files (PRDs and scope documents) which could contain malicious instructions.
- Ingestion points: The agent reads files matching the pattern
*-prd.md,*-scope.md, and*-glossary.mdfrom the./plans/directory. - Boundary markers: The instructions do not define specific delimiters or warnings to ignore embedded instructions within these files.
- Capability inventory: The skill does not possess high-risk capabilities such as network access, arbitrary shell command execution, or dynamic code evaluation; its primary action is writing markdown files to the local disk.
- Sanitization: No validation or sanitization of the content read from these files is specified.
Audit Metadata