product
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it interpolates untrusted user input directly into the prompts used to spawn sub-agents.
- Ingestion points: The user's request is captured via the argument-hint and passed into the Task tool prompt in SKILL.md.
- Boundary markers: The agent spawning template lacks delimiters (such as XML tags or triple quotes) or explicit 'ignore embedded instructions' warnings around the interpolated user request.
- Capability inventory: The skill can spawn multiple sub-agents via the Task tool, which are capable of generating responses, making recommendations, and creating new documentation files.
- Sanitization: There is no evidence of input validation, escaping, or sanitization before the user request is forwarded to the sub-agent context.
Audit Metadata