prd
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface. 1. Ingestion points: Feature descriptions and user responses provided during the interactive 'Step 1' are ingested directly into the prompt context. 2. Boundary markers: No delimiters or 'ignore embedded instructions' warnings are used to wrap user-supplied content. 3. Capability inventory: The skill has the capability to write files to the
/tasks/directory, with filenames partially derived from user input. 4. Sanitization: There is no evidence of input validation, sanitization, or filtering of the user-provided data before it is written to the file system.
Audit Metadata