slfg
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface where user-provided input is used to drive an autonomous multi-step workflow without delimiters or sanitization.
  - Ingestion points: User input provided via $ARGUMENTS is interpolated into the /workflows:plan command in SKILL.md.
  - Boundary markers: There are no boundary markers or instructions to isolate user input from the rest of the orchestration logic.
  - Capability inventory: The workflow triggers high-impact capabilities including autonomous code generation via 'agent swarm subagents', browser testing, and automated PR modifications.
  - Sanitization: The skill lacks logic to validate, escape, or sanitize the user input before it is consumed by the planning and execution agents.
Audit Metadata