work
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data via the '${ARGUMENTS}' interpolation in the 'input_document' block, which introduces a surface for indirect prompt injection where a malicious document could attempt to override agent instructions.
- Ingestion points: Untrusted work plans or specifications enter the agent context via the '${ARGUMENTS}' variable.
- Boundary markers: The skill uses '<input_document>' XML-style tags to delimit the external content.
- Capability inventory: The agent is granted access to high-impact tools including 'Bash' (for git and system operations), 'Write', and 'Edit' for filesystem modifications.
- Sanitization: The 'Phase 1: Quick Start' section mandates that the agent read the plan, clarify ambiguities, and secure explicit user approval before performing any implementation tasks, serving as a critical manual verification control.
Audit Metadata