enterprise
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill defines a workflow that ingests untrusted external data, creating a surface for indirect prompt injection.
  - Ingestion points: Data enters the agent context through the `WebSearch` tool (used for market analysis) and the `Read`/`Grep` tools (used for processing user feedback and project documentation).
  - Boundary markers: The skill instructions do not provide explicit delimiters or "ignore embedded instructions" warnings for handling data retrieved from these external or user-provided sources.
  - Capability inventory: The skill has access to powerful capabilities including `Bash`, `Task`, `Write`, and `Edit` for file modification and command execution.
  - Sanitization: There is no evidence of sanitization, validation, or escaping logic for external inputs before they are interpolated into prompts or used in workflows.
- [COMMAND_EXECUTION]: The skill is configured with high-privilege execution tools to facilitate its core functions.
  - Evidence: The `allowed-tools` configuration explicitly enables `Bash` and `Task`. These tools are intended for project initialization, monorepo management, and executing infrastructure-as-code (Terraform/Kubernetes) commands as described in the tech stack and project structure sections.