cy-idea-factory
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) as it ingests content from external, untrusted sources including codebase files and web search results to inform its multi-advisor debate and drafting process.
  - Ingestion points: Codebase exploration (Agent tool), web search results (search tools), and existing _idea.md files in SKILL.md (Workflow Step 3).
  - Boundary markers: The skill does not define clear delimiters or use explicit instructions to the agent to disregard potential instructions embedded within the ingested data.
  - Capability inventory: The skill has the capability to write to the filesystem (creating directories and markdown files) and perform network operations (web search).
  - Sanitization: No evidence of sanitization or validation of external content before processing it through the business analyst or council personas.
- [COMMAND_EXECUTION]: The skill performs file system operations, including creating project directories (.compozy/tasks//) and writing markdown files (_idea.md, ADRs). These operations are consistent with its stated purpose of generating project documentation.
Audit Metadata