auto-trigger
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE (PROMPT_INJECTION)
Full Analysis
- [PROMPT_INJECTION]: The skill defines a workflow orchestration mechanism that uses string interpolation to carry context across skill transitions.
- Ingestion points: Data enters the system via variables like {feature_name} and {skill_name} defined in the SKILL.md and README.md example configurations.
- Boundary markers: The configuration lacks explicit delimiters or instructions to isolate interpolated variables, increasing the risk that the agent may interpret data content as instructions.
- Capability inventory: The system orchestrates multiple skills (e.g., self-improving-agent and prd-planner) that have sensitive capabilities, including the Bash, Write, and Edit tools.
- Sanitization: There is no evidence of sanitization, escaping, or validation logic for the content of interpolated strings.
- Remediation: Implement strict boundary markers such as XML-like tags to encapsulate interpolated context and provide explicit instructions to the agent to treat those sections as non-executable data.