idea
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection during Phase 2 (Problem Discovery).
- Ingestion points: External data from web research (forums, Reddit, social media) gathered by subagents as described in workflows/problem-discovery.md.
- Boundary markers: Absent. There are no explicit instructions to the agent to treat subagent research output as untrusted or to use delimiters.
- Capability inventory: The skill writes multiple markdown files (idea-brief.md, customer-profile.md, mvp-spec.md, custdev-tasks.md) and can invoke downstream skills like /planning-setup.
- Sanitization: Absent. There is no mention of sanitizing or validating the content retrieved from external sources before using it to generate documentation or influence the workflow.
Audit Metadata