explore
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill's design involves reading external codebase files and project artifacts, which introduces a surface for indirect prompt injection.
- Ingestion points: The agent reads from the beat/changes/ directory (including proposal.md and tasks.md) and general codebase files.
- Boundary markers: The skill does not provide markers or instructions to the agent to disregard instructions found within the ingested data.
- Capability inventory: The agent can read codebase files and write to design artifacts, but it is strictly forbidden from implementing application code.
- Sanitization: No sanitization or validation logic is defined for the content extracted from external files.
Audit Metadata