api-design
Pass
Audited by Gen Agent Trust Hub on Jun 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a potential surface for indirect prompt injection as it processes untrusted user data into generated artifacts.
- Ingestion points: User-provided descriptions and integration ideas enter the agent's context during 'Step 1: Frame the contract problem' in
SKILL.md. - Boundary markers: The instructions lack explicit delimiters or 'ignore instructions' warnings when handling user input.
- Capability inventory: The skill is authorized to use
WriteandEdittools to create and modify file artifacts (referenced inSKILL.mdStep 6). - Sanitization: There is no evidence of input validation or escaping procedures to ensure user-provided data does not contain malicious instructions that could influence the agent's behavior during contract generation.
Audit Metadata