dev-kit-refine
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- [PROMPT_INJECTION] (HIGH): Indirect Prompt Injection vulnerability. The skill ingests untrusted data from the codebase to update documentation and can write files. Anyone who can land text in the repository (a source comment, a docstring, a schema description, an existing doc under .dev-kit/) can plant instructions that the agent reads as part of its task, hijacking the documentation update or the agent itself. | Ingestion points: .dev-kit/docs/, .dev-kit/knowledge/, and arbitrary codebase files (routes, APIs, schemas). | Boundary markers: Absent (ingested content is not delimited from the task instructions). | Capability inventory: File-write operations to the .dev-kit/ directory. | Sanitization: None detected.
- [PROMPT_INJECTION] (MEDIUM): Direct Prompt Injection. The 'additional instruction' input is interpolated directly into the agent prompt, so a caller can use it to override the skill's constraints or instructions rather than merely narrow the task.
Recommendations
- AI detected serious security threats
Audit Metadata