skills/jhostalek/dotclaude/design/Gen Agent Trust Hub

design

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE (finding category: PROMPT_INJECTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill exposes an attack surface for indirect prompt injection: it ingests untrusted data from user arguments and from local codebase files, and passes that data to internal explorer agents. Ingestion points: user-provided design problems via the $ARGUMENTS variable in SKILL.md, and codebase context for codebase-aware design tasks. Boundary markers: the skill has no explicit delimiters around the external data and no instructions to ignore commands embedded in it. Capability inventory: the agent can read local files and write generated documentation to the docs/designs/ directory. Sanitization: no input validation or sanitization is applied to the ingested content before processing.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 07:57 AM
Security Audit — agent-trust-hub — design