sprint-compiler
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes content from multiple external files and interpolates them into its own output.
- Ingestion points: The agent is instructed to read all files in the
context/directory and several specific markdown files (e.g.,context-builder.md,jtbd-capture.md,dot-vote-*.md) from the working directory. - Boundary markers: There are no explicit boundary markers or instructions to treat the content of these files as untrusted data when generating the final report.
- Capability inventory: The skill performs file read and write operations within the local working directory. It does not possess network access or the ability to execute system commands.
- Sanitization: The instructions do not include any steps to sanitize, escape, or validate the content of the ingested files before they are processed by the LLM.
Audit Metadata