chrome-extension-consultant
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements a multi-agent orchestration where the output of the initial discovery phase (derived from untrusted user input) serves as the primary context for all subsequent design and architecture agents. This structure creates a surface for indirect prompt injection.\n
- Ingestion points: Untrusted user requirements are collected by the 'Interviewer' agent and stored in the
.shared/01-requirements.mdfile, which is then consumed as context by all other agents in the workflow.\n - Boundary markers: The skill uses a structured 'Agent Delegation Format' to scope tasks, but it lacks specific instructions or delimiters to ensure that agents treat input from the
.shared/folder strictly as data and ignore any embedded instructions.\n - Capability inventory: Agents in the workflow have the capability to write multiple technical specifications, architectural diagrams, and development roadmaps based on the provided context, which could be manipulated to produce biased or incorrect specifications.\n
- Sanitization: There is no evidence of a validation or sanitization step within the workflow to filter the user-provided requirements for potential malicious instructions before they are propagated to the specification and planning agents.
Audit Metadata