dev-dict
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to the way it processes external project documentation to generate SQL code.
- Ingestion points: The skill reads from potentially untrusted design documents located at
/projectdocs/design/{name}_design.md. - Boundary markers: There are no explicit delimiters or instructions to the agent to ignore embedded commands or instructions within the source documents.
- Capability inventory: The skill generates SQL output and specifies a file writing requirement to
/projectdocs/dev/{字典名称}_dict_{时间戳}.sql, which could be exploited if malicious SQL is generated. - Sanitization: The instructions do not include any validation or escaping logic to ensure that input data does not contain malicious SQL fragments or system instructions.
Audit Metadata