agent-fullstack-developer

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill possesses the necessary capability and data ingestion surface to be vulnerable to indirect prompt injection attacks from untrusted files.
    - Ingestion points: Uses 'Read' and 'MultiEdit' tools to ingest file content from the workspace.
    - Boundary markers: No delimiters or safety instructions are present to prevent the agent from obeying instructions found within processed files.
    - Capability inventory: Access to 'Bash', 'Docker', and 'database' tools allows for significant system-level execution if the agent is misled.
    - Sanitization: No input validation or instruction filtering is implemented.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:07 PM