design-synthesis
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): Vulnerable to indirect prompt injection via research artifacts.
- Ingestion points: The skill loads research data from a file path (research_{slug}.md) during the §INGEST phase.
- Boundary markers: No delimiters (e.g., XML tags, triple quotes) or 'ignore embedded instructions' warnings are present to isolate the untrusted research content from the agent's instructions.
- Capability inventory: The skill orchestrates 3-4 concurrent agents via parallel-dispatch and generates a brainstorm.md file that serves as a foundation for downstream implementation planning.
- Sanitization: Untrusted research findings are directly interpolated into the sub-agent prompt template (Context: Research indicates: [key findings summary]), allowing content in the research file to influence or override the sub-agents' objectives.
- Risk: An attacker-controlled research artifact could contain malicious instructions designed to bias the design approaches, ignore project constraints, or steer the AI toward insecure implementation patterns during the /plan phase.
Recommendations
- AI detected serious security threats
Audit Metadata