product-design
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill is designed to process external, untrusted data (requirements, user stories, and acceptance criteria) and possesses capabilities that could be abused if malicious instructions are embedded in that data.
- Ingestion points: The skill ingests user-provided text through the $ARGUMENTS variable and during 'Step 1: Understand requirements'.
- Boundary markers: The instructions do not define clear delimiters or system-level warnings to the agent to disregard instructions found within the user-provided requirements.
- Capability inventory: The skill is granted Bash, Write, Edit, Read, Glob, and Grep tools, allowing for significant system interaction.
- Sanitization: There is no explicit mechanism for sanitizing or validating user input before the agent processes it or uses it to generate file content.
Audit Metadata