tpm-spec-trace-ids

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill is designed to ingest and process untrusted external data (narrative vision documents and PRDs) and then perform write operations (modifying headers and generating new index files).
      • Ingestion points: Processes narrative vision documents provided by the user in Step 1 and Step 2.
      • Boundary markers: Absent. There are no instructions to use delimiters or to ignore embedded instructions within the documents being annotated.
      • Capability inventory: The agent is authorized to modify existing markdown files and generate new files based on local templates.
      • Sanitization: None. The instructions tell the agent to 'Extract goals from executive summary' and 'Assign Feature IDs to major section headers', which could lead to an agent executing instructions hidden within those document sections.
  • [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, sensitive file path access, or network operations were detected.
  • [Unverifiable Dependencies & Remote Code Execution] (SAFE): No external packages or remote code download patterns are present in the skill definition.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 01:15 PM