technical-synthesis

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is designed to process untrusted external source material (such as codebase logs, research papers, or project documentation) for synthesis, which creates an attack surface for indirect prompt injection. Instructions hidden within this source data could influence the agent's behavior during the synthesis process.
  • Ingestion points: Source material processed during the 'Structural outline' and 'Expanded bullets' stages as defined in SKILL.md.
  • Boundary markers: The skill does not currently implement specific technical delimiters (e.g., XML tags) to isolate untrusted source content from its own instructional context.
  • Capability inventory: SKILL.md instructs the agent to 'build natively' in external platforms like Notion, Linear, Jira, and Airtable using APIs, SDKs, or CLI tools, which could be abused if an injection is successful.
  • Sanitization: The skill includes a robust workflow-based mitigation called 'Phase-separate research from drafting' in SKILL.md, which requires the agent to summarize source material into notes and then clear the context before drafting, significantly reducing the likelihood of a successful instruction bypass.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 24, 2026, 03:35 PM
Security Audit — agent-trust-hub — technical-synthesis