pre-plan
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection through its data ingestion process. It is instructed to gather information from external, potentially untrusted sources like linked tickets and codebases to inform the refinement process.\n
- Ingestion points: The skill reads from documents, tickets, and codebases referenced by the user or identified through discovery (SKILL.md).\n
- Boundary markers: Absent; instructions mandate reading the 'WHOLE thing' without skimming and provide no delimiters to isolate external data from the agent's instructions.\n
- Capability inventory: Capability to write to the file system (markdown docs), read arbitrary files via the Read tool, and spawn research sub-agents (SKILL.md).\n
- Sanitization: Absent; there are no provisions for filtering or validating the content retrieved from external sources before it is processed by the agent or sub-agents.
Audit Metadata