backend-developer
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- [PROMPT_INJECTION] (HIGH): Significant Indirect Prompt Injection vulnerability via untrusted rule files.
- Ingestion Points: The skill explicitly instructs the agent to read all files in .claude/rules/backend/*.md, .claude/rules/dataclasses/laravel-data.md, and .claude/project-rules/backend/*.md.
- Boundary Markers: Absent. The skill lacks instructions to sanitize or treat these files as untrusted content. Instead, it explicitly labels them as the 'source of truth.'
- Capability Inventory: The agent has extensive code modification capabilities, including creating and editing PHP code, models, services, controllers, and tests.
- Sanitization: None. There is no validation of the content within these rule files before they are integrated into the agent's reasoning process.
- Risk: Malicious instructions embedded in these project-level rule files could override the agent's safety protocols or force it to generate insecure code (e.g., SQL injection, backdoors, or credential harvesting logic) while the agent believes it is simply following project conventions.
Recommendations
- AI detected serious security threats