recipe-design
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements an indirect prompt injection surface by interpolating untrusted user input from the `$ARGUMENTS` variable directly into the agent's context.
- Ingestion points: The `Requirements: $ARGUMENTS` section in `SKILL.md` allows external data to enter the prompt chain.
- Boundary markers: There are no delimiters (e.g., XML tags or triple quotes) or explicit instructions to the agent to treat this input as untrusted data, increasing the risk that embedded instructions could influence sub-agent behavior.
- Capability inventory: The skill orchestrates multiple sub-agents and manages the creation of design documentation (`docs/design/*.md`), which could be used as a vector for persistent injection if malicious content is saved to the repository.
- Sanitization: No validation or escaping is performed on the input before it is passed to the requirement-analyzer or technical-designer sub-agents.
Audit Metadata