prd
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW (PROMPT_INJECTION)
Full Analysis
- PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection through user-provided content.
  * Ingestion points: User-provided feature descriptions and answers to clarifying questions.
  * Boundary markers: Absent. The skill does not implement delimiters or instructions for the agent to ignore embedded commands within the user's input.
  * Capability inventory: The skill has file-write capabilities (saving markdown files to the `tasks/` directory) and influences downstream agent actions by generating acceptance criteria that trigger other skills (e.g., `dev-browser`).
  * Sanitization: No sanitization or validation of the `feature-name` (used in the filename) or the document content is defined, which could theoretically be exploited for path manipulation or instruction persistence in the documentation.
Audit Metadata