blueprint
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a vulnerability surface for indirect prompt injection (Category 8) because it is designed to ingest untrusted data and format it into a document specifically intended to be used as a prompt for downstream AI agents.
- Ingestion points: Untrusted data enters the agent context via the `$ARGUMENTS` variable in `SKILL.md`.
- Boundary markers: No escaping or isolation markers are used to differentiate user-supplied text from the prompt template in the output file.
- Capability inventory: The skill is capable of writing markdown files to the root directory (`blueprint-*.md`).
- Sanitization: The 'Writing Guidelines' explicitly instruct the agent to avoid sanitization or interpretation, requiring it to 'Record user's exact words' and 'Preserve user's original phrasing,' which ensures that any malicious instructions provided by the user are passed directly into the final output document.
- [PROMPT_INJECTION]: The skill includes a hardcoded instruction override ('Language Requirement: All responses, conversations, and outputs should be in Korean') which is intentionally injected into the output documentation to modify the behavior of subsequent AI agents that consume the generated blueprint.
Audit Metadata