aisdlc-project-discover-level0-memory
Fail
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: CRITICAL (PROMPT_INJECTION, NO_CODE, EXTERNAL_DOWNLOADS)
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface
  - Ingestion points: The skill prompts the agent to read project file structures, CI/CD configuration files, and script paths to populate documentation.
  - Boundary markers: There are no delimiters or explicit instructions provided to the agent to ignore potentially malicious instructions embedded in the project files being analyzed.
  - Capability inventory: The skill is limited to generating Markdown text files and contains no logic for network operations, system command execution, or file system modifications beyond documentation creation.
  - Sanitization: No validation or escaping logic is defined for the external project data that is interpolated into the memory documentation templates.
- [NO_CODE]: The analyzed skill consists entirely of instructional Markdown and templates. It does not include any Python scripts, Node.js code, binaries, or automated shell scripts.
- [EXTERNAL_DOWNLOADS]: Automated Scan Finding
  - Evidence: An automated scan flagged a malicious URL associated with the 'product.md' filename, which is one of the documentation files the skill is designed to generate.
  - Analysis: No remote download commands (such as curl or wget) or external URLs were identified in the provided SKILL.md file; all references are to relative internal file paths.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata