project-development
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill provides architectural guidance for project development using LLMs, advocating for staged pipelines and file-system state management.
- [PROMPT_INJECTION]: The `scripts/pipeline_template.py` file defines a pipeline surface that processes external data from untrusted sources (APIs/files). This implementation represents a surface for indirect prompt injection due to a lack of sanitization and strict boundary delimiters in the prompt templates.
  - Ingestion points: The `fetch_items_from_source` function in `scripts/pipeline_template.py` is designed to pull data from external sources.
  - Boundary markers: The `PROMPT_TEMPLATE` uses markdown headers but lacks strict delimiters (like XML tags or triple backticks with 'ignore' instructions) for the interpolated `{content}` field.
  - Capability inventory: The script contains file system write operations and LLM invocation logic.
  - Sanitization: No sanitization or escaping of external content is present in the implementation template.
Audit Metadata