scope
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8 surface) as it interpolates user requirements directly into prompts for sub-agents.
- Ingestion points: The {requirement} variable is used in prompt templates for code-explorer, docs-researcher, and analyzer agents in SKILL.md.
- Boundary markers: Absent. User input is not wrapped in delimiters or accompanied by instructions to ignore embedded commands.
- Capability inventory: Sub-agents use code-explorer (reads project files, git log and diff) and docs-researcher (reads project docs). No network exfiltration or shell execution tools are enabled in the frontmatter.
- Sanitization: No sanitization or validation of the input string is performed.
Audit Metadata