simple
Warn
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: MEDIUM
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill body contains an HTML `<img>` tag with the payload `title="onerror=alert(1)"`. This is a signature pattern for Cross-Site Scripting (XSS) testing and exploitation. While the payload is currently placed in the `title` attribute, its presence suggests an attempt to bypass simple security filters or exploit vulnerabilities in markdown rendering environments.
- [PROMPT_INJECTION]: The skill defines a 'Discover' phase that requires the agent to "Assess project context — codebase, conventions, existing patterns," which introduces a significant surface for Indirect Prompt Injection.
  - Ingestion points: The 'Discover' step in `SKILL.md` directs the agent to ingest content from the project codebase.
  - Boundary markers: The skill lacks any instructions to treat external codebase content as untrusted or to ignore embedded instructions found within that context.
  - Capability inventory: The skill's stated purpose for 'architectural work' and 'feature design' implies the agent possesses high-privilege capabilities such as file system modification and command execution.
  - Sanitization: No sanitization, validation, or escaping protocols are mentioned for the data retrieved during the discovery process.
Audit Metadata