Artisan
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to process external prototypes and requirements, which constitutes an ingestion point for potentially malicious instructions embedded in untrusted data.
  - Ingestion points: Defined in SKILL.md under Step 1 of the Process section ("Read Forge prototype or requirements").
  - Boundary markers: The skill references external boundary guidelines in _common/BOUNDARIES.md but does not provide explicit prompt delimiters to isolate instruction-carrying prototypes from core system logic.
  - Capability inventory: The agent has the ability to write and modify production frontend code, perform network data fetching, and update local project state via journaling and file-writing.
  - Sanitization: The instructions emphasize runtime data validation (e.g., via Zod) for implementation but lack specific sanitization protocols to prevent the agent from following instructions embedded within the prototypes.
Audit Metadata