Skills
skills/slgoodrich/agents/validation-sprint/Gen Agent Trust Hub

validation-sprint

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by interpolating untrusted data (user-provided idea descriptions and local project context files) directly into prompts for sub-agents without sanitization or strict boundary markers.\n
  • Ingestion points: The skill reads the $ARGUMENTS variable and files within the .claude/product-context/ directory in SKILL.md.\n
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are included when passing this data to the idea-researcher, market-researcher, or idea-skeptic agents.\n
  • Capability inventory: The skill uses Read, Glob, Grep, and Task tools, and possesses the capability to spawn and coordinate multiple sub-agents via Agent Teams.\n
  • Sanitization: No input validation, escaping, or content filtering is performed on the ingested data before it is processed by the model.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 9, 2026, 10:01 AM