milestone-planning
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill establishes an indirect prompt injection surface by processing untrusted user data and using it to drive a multi-step agent chain. It lacks mechanisms to prevent a malicious problem statement from influencing the behavior of the reviewer agents or the final synthesis.
  - Ingestion points: Untrusted task descriptions are read from user input or 'Context Brief' files during Phase 1.
  - Boundary markers: Absent; the prompts for the five reviewer agents and the synthesis agent utilize simple variable interpolation (e.g., `{PROBLEM_BRIEF}`, `{FEASIBILITY_OUTPUT}`) without delimiters (like XML tags) or specific instructions to disregard embedded commands.
  - Capability inventory: The skill uses the `Agent` tool to spawn sub-agents and performs multiple file-write operations to the project's `docs/` directory to store state and artifacts.
  - Sanitization: No sanitization, escaping, or schema validation is performed on the input text, and intermediate agent outputs are explicitly required to be passed verbatim to the synthesis agent.
Audit Metadata