skills/aws-samples/sample-claude-code-agents-for-product-teams/ai-pdlc-navigator/Gen Agent Trust Hub
ai-pdlc-navigator
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions provide standard shell commands for environment setup, diagram regeneration, and repository maintenance (files: README.md, SKILL.md). These commands are intended for local execution and are aligned with the skill's purpose as a developer workflow aid.
- [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection by processing untrusted user data to generate documentation artifacts. Ingestion points: User-provided seed vision documents (file: SKILL.md, Path 6). Boundary markers: The skill does not employ specific delimiters to isolate user-provided data from instructions. Capability inventory: The skill possesses the capability to write multiple markdown files and create directories within the user's project (file: SKILL.md). Sanitization: User-provided content is not sanitized before being interpolated into generated files.
- [SAFE]: The skill is a documentation-centric resource authored by a trusted vendor resource (aws-samples). It incorporates comprehensive security and compliance roles and does not exhibit malicious patterns such as data exfiltration or credential harvesting.
Audit Metadata