architecture
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests untrusted data from product specification files, creating an indirect prompt injection surface.
- Ingestion points: It reads specs/product_specs.md and aggregates markdown files from the specs/product_specs/ directory.
- Boundary markers: Product requirement content is interpolated into subagent prompts without boundary markers or 'ignore' instructions to prevent the agent from following commands embedded in the files.
- Capability inventory: The skill has the ability to write files and invoke other skills in the workflow.
- Sanitization: No validation or sanitization is applied to the content of the ingested files.
Audit Metadata