implement
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes design documents (`*-design.md`) and existing source code files to generate prompts for subagents. While intended, this creates an attack surface for indirect prompt injection if the source files contain malicious instructions.
  - Ingestion points: Reads from the `docs/plans/` directory and existing project source files.
  - Boundary markers: Absent. The instructions recommend pasting content "inline" without specifying the use of delimiters or instructions for the subagent to ignore embedded commands.
  - Capability inventory: The skill dispatches subagents with 'tdd' and 'code-reviewer' types via the `Task` tool, which are expected to write and modify code on the filesystem.
  - Sanitization: Absent. No validation or filtering is performed on the content of the design files before they are interpolated into subagent prompts.