development-implementer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is highly susceptible to indirect prompt injection because its core purpose is to process external inputs (requirements/acceptance criteria) to perform high-privilege actions like code generation and system modification.
- Ingestion points: The 'Interaction Protocol' section in SKILL.md specifies that 'Requirement with acceptance criteria' and 'tech stack context' are expected inputs.
- Boundary markers: The skill lacks any instructions for the agent to use delimiters or 'ignore embedded instructions' markers when processing these external requirements.
- Capability inventory: The skill is authorized to implement 'end-to-end features,' 'boundary protections,' and 'automated tests,' and is instructed to 'validate performance and resilience before merge.' This implies the agent has the capability to write, modify, and execute code within the development environment.
- Sanitization: There are no instructions to sanitize, escape, or validate the logic provided in the requirements before the agent incorporates them into the codebase.
Recommendations
- AI detected serious security threats
Audit Metadata