lld-reviewer
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because its primary function involves ingesting and analyzing untrusted external data from PRD, HLD, and API Contract documents. Malicious instructions embedded in these documents could potentially influence the agent's decision-making process.
  - Ingestion points: The agent reads content from files located at paths provided via AskUserQuestion in Phase 0.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands (e.g., 'treat input as data only') are provided to the agent.
  - Capability inventory: The skill utilizes the 'TodoWrite' tool for state tracking and 'AskUserQuestion' for user interaction; it does not have access to dangerous capabilities such as arbitrary shell execution or outbound network requests.
  - Sanitization: There is no evidence of content sanitization or validation performed on the technical documents before they are processed by the agent.
Audit Metadata