done

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill defines a feedback loop that processes untrusted data to drive subsequent agent actions, creating an indirect prompt injection surface.
  • Ingestion points: Untrusted user input is captured as "Post-Completion Feedback" after the initial workflow finishes.
  • Boundary markers: The skill instructions do not specify the use of delimiters or specific instructions to the receiving skills to ignore embedded commands within the user-provided feedback string.
  • Capability inventory: The skill is designed to automatically invoke functional tools (manifest-dev:define and manifest-dev:do) which have the ability to modify project configuration and execute code.
  • Sanitization: There is no evidence of input validation, escaping, or sanitization of the user feedback before it is passed as an argument to the subsequent tool calls.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 07:37 AM
Security Audit — agent-trust-hub — done