mvp
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [SAFE]: No malicious intent, obfuscation, or unauthorized behaviors were detected. The skill incorporates a human-in-the-loop approval process before writing any files to the system.\n- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it interpolates user-provided project requirements into prompts for secondary agents.\n
- Ingestion points: User input collected via AskUserQuestion in Step 1 and Step 2 of the workflow.\n
- Boundary markers: Missing from the placeholders within the AGENT_PROMPTS.md templates.\n
- Capability inventory: The skill and its sub-agents have access to Bash, Write, Read, and Task tools.\n
- Sanitization: User input is not sanitized or escaped before being integrated into the sub-agent prompts.\n- [COMMAND_EXECUTION]: The skill uses the Bash tool for local filesystem operations, such as creating the directory structure for project documentation in Step 7.
Audit Metadata