code-design-schema
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits vulnerability to indirect prompt injection due to its processing of untrusted data.
- Ingestion points: In `SKILL.md`, the skill uses `WebSearch`/`WebFetch` to retrieve best practices from the web. In `SUBAGENT.md`, it interpolates user-provided `{requirements}` and `{framework}` into prompts for subagents (`code-architect` and `code-researcher`).
- Boundary markers: There are no delimiters or specific instructions to help the model distinguish between instructions and data, nor are there warnings to ignore embedded commands in the untrusted input.
- Capability inventory: The skill is designed to generate executable content including SQL DDL, ORM model definitions, and CLI migration commands. While it does not execute these directly, they are provided to the user/agent for execution.
- Sanitization: No evidence of input validation, escaping, or content filtering is present to mitigate risks from malicious web content or crafted user requirements.
Audit Metadata