docs
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill possesses a significant attack surface for indirect prompt injection.
  - Ingestion points: The skill instructions (Execution Flow) specify scanning all `ideas/*/` directories, reading `README.md` files, and parsing arbitrary markdown files for links and status.
  - Boundary markers: There are no specified boundary markers or instructions to treat ingested file content as data rather than instructions.
  - Capability inventory: The skill is granted the `Edit` tool, providing the ability to modify files in the workspace.
  - Sanitization: No sanitization or validation of the content of the markdown files is mentioned before processing.
  - Risk: An attacker could place a malicious markdown file in the documentation path containing instructions that the agent might execute, such as using the `Edit` tool to corrupt files, delete documentation, or modify project configuration files.
Recommendations
- AI detected serious security threats