izanami-product-writer
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests data from several untrusted external sources and interpolates that data into generation prompts without sufficient isolation.
- Ingestion points: The skill reads data from
app/specs/shared/project-spec.yaml,app/specs/account/subscription-spec.yaml,develop/account/authentication/func-spec.md,content/blog/posts/claudemix-qa.md, and.claude/skills/izanami-product-writer/docs/blog-catalog.mdinprompts/01-collect.md. - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used when the extracted content is passed to the generation phases in
prompts/02-generate.md. - Capability inventory: The skill leverages
Read,Write,Edit,Glob, andGreptools to interact with the filesystem. - Sanitization: There is no evidence of content validation or escaping for the data retrieved from the specification files before it is processed by the agent.
Audit Metadata