full-stack-developer
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Metadata Poisoning (MEDIUM): The file includes deceptive 'Quality Assurance' and 'Research Validation' scores (e.g., 'Technical Accuracy: 100%', 'Completeness: 95%') that are intended to bypass critical evaluation by users or agents and could lead to a false sense of security regarding the generated code.
- Indirect Prompt Injection (LOW): The architecture utilizes AI chatbots and RAG systems which ingest untrusted data. Evidence: (1) Ingestion Points: Multi-provider AI chatbot and RAG query inputs. (2) Boundary Markers: None described in the documentation. (3) Capability Inventory: Infrastructure management, automation scripts, and database operations. (4) Sanitization: Mention of Pydantic schemas is present but insufficient for preventing prompt-level instruction leakage.
- Dynamic Execution (MEDIUM): The 'SOTA Fullstack App Builder' and its 'automation scripts' (7,539 lines of automation) imply the runtime generation and execution of code. This presents a high risk of arbitrary command execution if the generation logic is influenced by malicious user inputs or external data sources.
Audit Metadata