development-estimation
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it automates the analysis of external codebases. The agent is directed to explore component complexity and framework patterns, which could lead to the execution of instructions hidden within those files.
  - Ingestion points: The 'Explore' subagent is tasked with analyzing the codebase for estimation context in 'references/estimate.md'.
  - Boundary markers: The prompt templates for the 'Explore' and 'general-purpose' subagents lack delimiters or instructions to ignore embedded commands within the analyzed project files.
  - Capability inventory: The skill enables tools such as 'Read', 'Grep', 'Glob', and 'Bash' for project analysis, as documented in 'references/estimate.md'.
  - Sanitization: No sanitization or validation logic is specified for the data retrieved from the target codebase before it is passed to the LLM personas.
- [COMMAND_EXECUTION]: The skill facilitates the use of the 'Bash' tool for project analysis via subagents. This capability is integrated into the workflow to assess project structures but represents an execution primitive that could be exploited through adversarial instructions in the analyzed environment.
Audit Metadata