web-dev-workflow
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill suggests using the literal string `test_password` for authentication smoke tests. While it includes a note to remove this before formal release, recommending the use of hardcoded credentials in instructions can lead to security vulnerabilities if instructions are followed literally in production environments.
- [DATA_EXFILTRATION]: The Review Agent is instructed to take screenshots of the deployed website. This requirement poses a data exposure risk as screenshots may capture sensitive information, user data, or internal system details that are then transmitted to the AI provider's context.
- [PROMPT_INJECTION]: The workflow is vulnerable to indirect prompt injection because it processes untrusted data across multiple agents without adequate safeguards.
- Ingestion points: Raw user requirements are ingested and passed through the agent chain starting with the PRD Agent (SKILL.md).
- Boundary markers: The skill does not define delimiters or specific instructions to ignore embedded commands within the input requirements.
- Capability inventory: The agents possess powerful capabilities, including source code generation and deployment via the `ignis` platform (SKILL.md).
- Sanitization: No sanitization or validation steps are defined for the input requirements before they influence the downstream code generation and deployment phases.
Audit Metadata