vision
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is vulnerable to indirect prompt injection through the ingestion of untrusted project data. Ingestion points: The skill reads the 'project.vision.md' file from the project root. Boundary markers: None; the skill lacks delimiters or instructions to ignore embedded commands within the vision document. Capability inventory: The skill writes analysis to 'project.vision-analysis.md' and provides structured requirements that influence high-privilege downstream components like the 'Architect Skill'. Sanitization: None; the agent directly extracts features and technical implications from the raw document content.
- File System Access (MEDIUM): The skill performs file write operations ('project.vision-analysis.md') based on the contents of the untrusted input file. While the path is restricted, the ability to persist data derived from an injection source presents a risk for multi-stage attacks.
Recommendations
- AI detected serious security threats
Audit Metadata