pdd
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted content from user-provided URLs or files for the rough_idea parameter.
- Ingestion points: The rough_idea parameter in SKILL.md supports input via text, file path, or URL.
- Boundary markers: No explicit delimiters or instructions are provided to the agent to treat the input as data only or to ignore embedded instructions.
- Capability inventory: The agent can create and write files including plan.md, design.md, and PROMPT.md based on the ingested content.
- Sanitization: There is no evidence of sanitization or validation of the input before it is written to project artifacts.
- [EXTERNAL_DOWNLOADS]: The skill allows the ingestion of data from external URLs for project initialization and research. This functionality is expected given the skill's purpose and the URLs are user-specified.
Audit Metadata