blueprint
Warn
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's installation section provides instructions to download code from an external GitHub repository (
https://github.com/antbotlab/blueprint.git) that is not part of the trusted vendors list or a recognized well-known service. This repository constitutes an unverified source for skill components. - [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks due to its core workflow of transforming user objectives into executable steps for other agents. Ingestion points: untrusted objective string in SKILL.md. Boundary markers: none. Capability inventory: mentions codebase scanning and model delegation. Sanitization: none mentioned. A malicious objective could be used to generate instructions that override safety filters or cause unauthorized actions when executed by downstream agents in fresh sessions.
Audit Metadata