recipe-fullstack-implement
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill processes user-supplied instructions through the `$ARGUMENTS` parameter, which is then distributed to sub-agents, creating a surface for indirect prompt injection. This is mitigated by the inclusion of a mandatory security-reviewer sub-agent and the use of scoped system constraints in all sub-agent communications.
  - Ingestion points: The orchestrator ingests untrusted data through the `$ARGUMENTS` variable in `SKILL.md`.
  - Boundary markers: The skill applies a `[SYSTEM CONSTRAINT]` suffix to prompts when invoking sub-agents.
  - Capability inventory: Sub-agents invoked by this orchestrator possess capabilities for file system modification and code execution via the `Agent` tool.
  - Sanitization: No explicit input validation or sanitization of user-provided arguments is documented.
Audit Metadata