tech-decision
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- Indirect Prompt Injection (LOW): The skill is designed to ingest and synthesize data from untrusted external sources such as community forums and third-party documentation. 1. Ingestion points: Data enters the workflow via the dev-scan skill (Reddit, Hacker News) and docs-researcher agent. 2. Boundary markers: No explicit delimiters or isolation instructions are provided to separate the gathered research from the agent's core instructions. 3. Capability inventory: The skill utilizes a codebase-explorer agent capable of reading local source code. 4. Sanitization: The provided evaluation-criteria.md includes logic for weighting source reliability, but there is no automated sanitization to prevent the execution of instructions found in external data.
Audit Metadata