shaping-work
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from external sources and incorporates it into agent-generated documentation.
- Ingestion points: SKILL.md (Process section, Step 1) instructs the agent to read input from diverse sources including Slack threads, customer complaints, and rough ideas.
- Boundary markers: The instructions do not define clear delimiters or include warnings to ignore instructions embedded within the provided input.
- Capability inventory: The agent has the capability to write formatted text to local markdown files in the
thoughts/research/directory (SKILL.md, Step 5), which are intended to be processed by subsequent tools likebacklog-grooming(SKILL.md, Handoffs section). - Sanitization: There is no evidence of sanitization, escaping, or validation of the input text before it is processed or saved to the filesystem.
Audit Metadata