multi-platform-apps-multi-platform
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface where untrusted data from user input is interpolated into sub-agent instructions.
- Ingestion points: User input provided via the $ARGUMENTS variable is used to define the core requirements in prompts for the 'backend-architect', 'ui-ux-designer', and various 'developer' sub-agents.
- Boundary markers: None. The skill does not utilize delimiters (like XML tags or triple quotes) or provide instructions to the sub-agents to ignore potential malicious commands embedded within the user's feature description.
- Capability inventory: The workflow utilizes sub-agents with the ability to generate complete API specifications, design systems, and functional code for web, iOS, Android, and desktop platforms.
- Sanitization: No validation, escaping, or filtering of the $ARGUMENTS string is performed before it is integrated into the prompts.
Audit Metadata