implementation-workflow
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is designed to ingest and analyze untrusted external data (PRDs and feature specs) which could contain embedded instructions to influence the agent's behavior.
- Ingestion points: The skill reads external files and descriptions through the
/design:workflowcommand defined inreferences/workflow.md. - Boundary markers: Absent. The instructions passed to subagents (e.g., 'Analyze PRD and generate workflow') do not use delimiters or explicit 'ignore instructions' warnings for the input data.
- Capability inventory: The system leverages subagents with capabilities including file system access (
Read,Write,TodoWrite) and network access (WebSearch). - Sanitization: No sanitization or input validation logic is present in the skill definition to filter potential injection attempts within the processed PRDs.
Audit Metadata