design-engineering
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION, NO_CODE
Full Analysis
- Prompt Injection (LOW): The skill is susceptible to indirect prompt injection as it processes external user context without sufficient isolation or sanitization mechanisms.
  - Ingestion points: The workflow in SKILL.md (Step 1) and the questions in references/INTAKE.md define points where untrusted user context enters the agent's prompt.
  - Boundary markers: The skill lacks instructions for the agent to use delimiters (e.g., XML tags or triple backticks) to isolate user-provided context from the skill's instructions.
  - Capability inventory: SKILL.md instructs the agent to write the final deliverables to files if requested by the user, providing a potential path for persisting malicious content.
  - Sanitization: No input validation or sanitization rules are defined for the user-provided context before it is processed.
Audit Metadata