simple-design

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill processes untrusted data from user messages and spec.md files to guide its codebase analysis and document generation. Evidence:
    1. Ingestion points: user messages and docs//spec.md (SKILL.md Step 1).
    2. Boundary markers: no delimiters or instructions to ignore embedded commands are provided for external content.
    3. Capability inventory: broad read access to the codebase (Workflow Step 1) and write access to the project's docs/ directory.
    4. Sanitization: no input validation or escaping is specified before data is interpolated into the agent context.
  • [DATA_EXFILTRATION]: Potential Data Exposure. The instructions direct the agent to search for and read configuration and infrastructure files, specifically environment variables (SKILL.md Step 1). This exposure can lead to sensitive credentials being loaded into the agent's context. While the skill primarily writes to local documentation files, this increases the risk of accidental leakage or misuse of secrets.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 26, 2026, 03:31 AM