engineering
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests and processes untrusted data from workspace files which could contain malicious instructions designed to subvert the agent's intended logic.
- Ingestion points: The skill reads ./plans/*/scope.md, ./plans/*/prd.md, ./plans/*/spec.md, and performs codebase exploration to understand project patterns.
- Boundary markers: No specific delimiters or "ignore instructions" markers are defined to isolate external data from the skill's operational prompts.
- Capability inventory: The skill possesses the ability to write files (tdd.md, prd.md, pipeline.md), explore the codebase, and interact with the user via questions.
- Sanitization: There is no evidence of validation, sanitization, or filtering of the content read from external files before it is processed by the agent.
Audit Metadata