hld-writer

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection due to its automated document analysis workflow.
      • Ingestion points: The skill reads external data from the file system, including PRDs, API Contracts, and other technical specifications identified during Stage 0.3.
      • Boundary markers: There are no explicit delimiters or instructions provided to the agent to help it distinguish between its own operational logic and potentially malicious instructions embedded within the documents it analyzes.
      • Capability inventory: The skill uses Glob for file scanning, AskUserQuestion for user interaction, and TodoWrite for task tracking. Its primary action is generating Markdown documentation; it does not have access to high-risk capabilities such as external network requests or arbitrary command execution.
      • Sanitization: The skill lacks mechanisms to sanitize, escape, or validate content extracted from external documents before incorporating it into the final High-Level Design output.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 7, 2026, 09:54 PM