issue
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTION
Full Analysis
- [Prompt Injection] (LOW): Potential for indirect prompt injection through the processing of untrusted external content. * Ingestion points: The skill reads user descriptions and external specification files located in
spaces/[project]/docs/specs/*.md(Step 4). * Boundary markers: No specific delimiters or instructions are used to isolate content read from specification files, which could contain instructions intended to influence the agent's behavior. * Capability inventory: The skill usesWriteandEdittools to create new files inideas/[project]/issues/(Step 5) and modify existing specification files (Step 6). * Sanitization: There is no evidence of sanitization or validation performed on the external data before it is used to generate or modify files.
Audit Metadata