dashboard-specification
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing untrusted user data to generate documentation. \n
- Ingestion points: User-defined 'purpose', 'metrics', and 'personas' collected during the context gathering phase in SKILL.md. \n
- Boundary markers: No delimiters or instructions to ignore embedded commands are present in the processing logic. \n
- Capability inventory: Python logic in SKILL.md performs file-write operations to create 'dashboard_spec.md'. \n
- Sanitization: No input validation or escaping is applied to user strings before they are written to the output file.
Audit Metadata