krds-plan
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill defines a workflow that ingests untrusted data (product goals, user flows, and screens) to produce a structured implementation plan including file edits and validation commands. This creates a surface for indirect prompt injection where malicious content in the user's input could be reflected in the agent's actions.
  - Ingestion points: Processes external inputs such as 'Product goal and user flows' and 'Existing screens' as defined in SKILL.md.
  - Boundary markers: Lacks delimiters or specific instructions to treat the ingested data as untrusted text rather than instructions.
  - Capability inventory: Generates 'file-level edit plans' and 'validation commands' which are intended for execution by the agent.
  - Sanitization: No evidence of input validation or sanitization mechanisms to prevent malicious instruction leakage into generated commands.