shaping
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE PROMPT_INJECTION NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it instructs the agent to capture and store external "source material" (user requests, quotes, etc.) verbatim during the framing phase.
  - Ingestion points: User-provided raw material is captured verbatim in the `Source` section of the `Frame` document as defined in `SKILL.md`.
  - Boundary markers: The skill recommends using markdown blockquotes (`>`) to delimit this content, which serves as a visual indicator but does not provide a robust logical boundary against malicious instructions embedded in the source text.
  - Capability inventory: The agent has the capability to create and modify local markdown files (spikes, shaping docs, slices docs, and slice plans) and invoke the internal `/breadboarding` tool.
  - Sanitization: There is no instruction to sanitize, escape, or filter the source material for embedded instructions before it is processed by the agent to define problems and outcomes.
- [NO_CODE]: The skill consists entirely of markdown instructions and methodology descriptions. No Python, JavaScript, or other executable scripts are included, which significantly reduces the technical attack surface for typical malware behaviors.
Audit Metadata