ask-buildmaster

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM
PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (MEDIUM): The skill possesses an inherent attack surface where untrusted data (epic/feature descriptions) influences agent actions and file system outputs.
      • Ingestion points: The skill triggers on user-provided strings like 'plan this epic' and 'break into tickets' as defined in SKILL.md.
      • Boundary markers: Absent. There are no instructions to the agent to treat user-provided epic details as data rather than instructions, nor are there delimiters (e.g., XML tags or triple quotes) suggested for input wrapping.
      • Capability inventory: The agent is instructed to maintain and update the .docs/epic-context.md file based on the workflow results, providing a persistent write capability to the project directory.
      • Sanitization: No sanitization or validation logic is present to filter malicious instructions embedded within feature requests or epic summaries.
  • [No Code Findings] (SAFE): The provided Python script scripts/validate.py is a benign placeholder and does not perform any network operations, file access, or dynamic code execution.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 10:03 AM