port
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes external Markdown documentation files as input for sub-agents to generate implementation plans, creating a surface for indirect prompt injection.\n
- Ingestion points: Step 6.1.3 reads feature specification files from the documentation project path provided by the user.\n
- Boundary markers: External content is interpolated into sub-agent prompts under section headers but lacks explicit delimiters or instructions to ignore embedded agent directives.\n
- Capability inventory: The skill possesses the ability to create directories, write implementation plans, and execute git commands, which could be abused if malicious instructions are embedded in source documentation.\n
- Sanitization: No sanitization or filtering of input Markdown content is described before it is passed to sub-agents.\n- [COMMAND_EXECUTION]: The skill performs shell-based operations to initialize and manage the target project environment.\n
- Evidence: Step 5.1 and 6.1.2 use 'mkdir -p' for directory creation. Step 5.4 executes 'git init', 'git add', and 'git commit' to initialize the target repository.
Audit Metadata