compounder
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW (PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (LOW): The skill ingests data from multiple external sources (blueprints, reviews, and task logs) and uses that content to generate instructions ('Feed to Audit') for subsequent tools in the workflow loop.
  - Ingestion points: system/blueprints/.md, system/reviews/.md, tasks/todo.md, and tasks/lessons.md.
  - Boundary markers: Absent. There are no explicit delimiters or instructions to ignore embedded commands in the source files.
  - Capability inventory: Limited to reading local files and writing report outputs to the file system (e.g., system/state.md). It lacks network access and arbitrary command execution capabilities.
  - Sanitization: Absent. Data from processed files is directly interpolated into summary tables and feedback sections without validation.
Audit Metadata