design-serialization-schema
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its design, which involves processing untrusted external inputs like data models and existing schema definitions.
- Ingestion points: Data models and existing schema definitions provided as inputs or read from files in Step 2, Step 3, and Step 4.
- Boundary markers: The instructions do not specify the use of delimiters or 'ignore embedded instructions' warnings when the agent processes user-provided data.
- Capability inventory: The skill allows the use of powerful tools including 'Bash', 'Read', 'Write', and 'Edit', which could be misused if malicious instructions within data are executed.
- Sanitization: There is no requirement or guidance for the agent to sanitize or validate external content before using it to generate or evolve schema files.
Audit Metadata