describe-design
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes untrusted data from the codebase being researched.
  - Ingestion points: Stage 2 and 3 involve reading READMEs, config files, and tracing code paths from the codebase.
  - Boundary markers: None are specified in the skill definition to prevent the agent from following instructions embedded in the code or documentation it reads.
  - Capability inventory: The skill has file-read capabilities across the repository and file-write capabilities (Stage 5) to save the documentation.
  - Sanitization: No explicit sanitization of the content read from files is mentioned before it is processed or written back to the disk.
- Data Exposure (LOW): The skill is explicitly instructed to search for configuration options and data persistence details. While this is necessary for architectural documentation, it may lead the agent to access sensitive files like .env or configuration files containing connection strings if they are present in the repository.