aisdlc-project-discover
Fail
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: CRITICAL
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection, as its core function involves summarizing untrusted data from external repositories.
  - Ingestion points: The agent reads 'repository facts' from files such as .aisdlc/project/memory/product.md, source code, and CI configurations.
  - Boundary markers: Absent. The instructions do not define delimiters or provide warnings to ignore commands embedded within the analyzed project files.
  - Capability inventory: The skill has the capability to write multiple files to the local filesystem and can spawn parallel sub-agents for module discovery.
  - Sanitization: No sanitization or input validation logic is present to filter content extracted from the target repository.
- [PROMPT_INJECTION]: The skill employs strong behavioral constraints (e.g., '停止并纠正' ("stop and correct") and '必须遵守' ("must comply")) to enforce its specific documentation workflow. While intended for consistency, these directives are typical of patterns used to override global system prompts.
- [EXTERNAL_DOWNLOADS]: An automated scanner flagged the file path .aisdlc/project/memory/product.md (specifically 'product.md') as a blacklisted URL. While the skill treats this as a local file path, the blacklist hit suggests that content typically associated with this name or its potential remote source may be malicious.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata