backend-to-frontend-handoff-docs
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill utilizes strict 'No Chat Output' and 'NO CHAT OUTPUT' rules to bypass standard agent transparency. These instructions prevent the agent from providing explanations or feedback to the user, a pattern that can be used to hide unintended file writes or malicious reasoning.
- PROMPT_INJECTION (HIGH): The skill exposes a significant surface for indirect prompt injection due to its combination of untrusted data ingestion and file-write capabilities.
  1. Ingestion points: The agent is instructed to read 'Completed API code' and 'business context' from the project workspace (SKILL.md).
  2. Boundary markers: The prompt does not specify the use of delimiters or 'ignore' instructions to isolate these external inputs from the agent's core instructions.
  3. Capability inventory: The skill has the capability to write markdown files to the '.claude/docs/ai/' directory, which is a file-write operation performed after processing untrusted data (SKILL.md).
  4. Sanitization: There is no evidence of sanitization, filtering, or validation logic applied to the external content before it is processed and stored.
Recommendations
- AI detected serious security threats