requirements-analyst

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOW | PROMPT_INJECTION | NO_CODE
Full Analysis
  • Indirect Prompt Injection (LOW): The skill workflow is centered on processing untrusted external data, which creates a vulnerability to indirect prompt injection.
      • Ingestion points: Workflow step 1 and the Interaction Protocol in SKILL.md specify processing 'PRD, tickets, user feedback, and stakeholder requests'.
      • Boundary markers: Absent. There are no instructions for the agent to use delimiters or to ignore instructions embedded within the ingested data.
      • Capability inventory: The skill generates structured text and 'handoff artifacts' for downstream agents such as development-implementer and solution-architect.
      • Sanitization: Absent. No validation or filtering logic is defined for external content.
  • No Executable Code (SAFE): Analysis of SKILL.md and agents/openai.yaml confirms the absence of scripts, binaries, or package dependencies.
Audit Metadata
  • Risk Level: LOW
  • Analyzed: Feb 16, 2026, 07:31 AM