done
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill defines a feedback loop that processes untrusted data to drive subsequent agent actions, creating an indirect prompt injection surface.
- Ingestion points: Untrusted user input is captured as "Post-Completion Feedback" after the initial workflow finishes.
- Boundary markers: The skill instructions do not specify the use of delimiters or specific instructions to the receiving skills to ignore embedded commands within the user-provided feedback string.
- Capability inventory: The skill is designed to automatically invoke functional tools (
manifest-dev:defineandmanifest-dev:do) which have the ability to modify project configuration and execute code. - Sanitization: There is no evidence of input validation, escaping, or sanitization of the user feedback before it is passed as an argument to the subsequent tool calls.
Audit Metadata