workflow-patterns
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it relies on reading and updating external project documentation files.
  - Ingestion points: The skill ingests untrusted data from `plan.md`, `spec.md`, `tech-stack.md`, and various memory files located in `.claude/context/memory/`.
  - Boundary markers: There are no explicit delimiters or system instructions defined to prevent the agent from obeying commands that might be embedded within these markdown files.
  - Capability inventory: The skill has access to powerful tools including `Bash` for command execution, alongside `Write`, `Edit`, and `Read` for file system manipulation, which could be exploited if malicious content is processed.
  - Sanitization: There is no evidence of content validation or sanitization for the data read from the plan or specification files before it is processed by the agent.
Audit Metadata