adopt
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill identifies and processes untrusted data from existing project artifacts (GDDs, ADRs, stories) to generate a migration plan. This creates a risk of indirect prompt injection where malicious content within these files could attempt to override agent instructions.
- Ingestion points: Files are read from paths including
design/gdd/,docs/architecture/,production/epics/, and.claude/docs/using Read, Glob, and Grep tools. - Boundary markers: The skill does not explicitly instruct the agent to use boundary markers or delimiters when reading content from these files to prevent accidental instruction following.
- Capability inventory: The skill has the capability to write new files (
Write), execute interactive queries (AskUserQuestion), and recommend subsequent execution of other skills. - Sanitization: Content is checked for structural elements (headings, columns) but the agent is not instructed to sanitize or escape the content for embedded natural language instructions.
Audit Metadata