skills/iankiku/forwward-teams/build/Gen Agent Trust Hub

build

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill utilizes a 'Read before write' principle that requires the agent to analyze and understand existing code patterns. This creates an attack surface for indirect prompt injection where malicious instructions embedded in code comments, documentation, or string literals within the processed codebase could influence the agent's behavior.
      • Ingestion points: The agent is instructed to read the existing codebase and project files (SKILL.md) to identify patterns before performing writes.
      • Boundary markers: Absent. There are no delimiters or instructions provided to help the agent distinguish between code patterns to be followed and adversarial instructions hidden within the source data.
      • Capability inventory: The skill is granted significant capabilities, including the ability to write code for UI components, API routes, and database schema migrations.
      • Sanitization: While the skill explicitly mandates application-level validation (Zod/Pydantic) for user data, it lacks self-sanitization logic to ignore or filter natural language instructions discovered during its analysis of the source code.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 4, 2026, 02:54 PM