design-brief
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill represents a surface for indirect prompt injection because it ingests several files that could be influenced by external actors.
- Ingestion points: Reads project-specific data from
brand/BRAND.md,brand/DESIGN.md,brand/ASSETS.md, and artifacts generated by other skills inskill-artifacts/mkt/. - Boundary markers: Absent; inputs are interpolated into sub-agent instructions without delimiters or clear instructions to ignore embedded commands.
- Capability inventory: The orchestrator is configured with
Bash,Edit,WebSearch, andWebFetchtools. - Sanitization: No validation or sanitization of the content read from files is performed before it is passed to the sub-agents.
- [COMMAND_EXECUTION]: The skill's configuration allows the use of the
Bashtool. While no malicious or arbitrary shell commands are present in the provided instructions, the presence of this tool alongside the processing of untrusted artifacts increases the potential impact of an injection attack.
Audit Metadata