plan

Pass

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted data from project configuration files and user PRDs to generate implementation tasks, creating a risk of indirect prompt injection where malicious content could override agent instructions.
    * Ingestion points: docs/prds/, docs/specs/, and project configuration files (package.json, pyproject.toml, etc.).
    * Boundary markers: Absent; no delimiters or 'ignore embedded instructions' warnings are specified in the templates.
    * Capability inventory: File creation and modification (docs/), and shell command execution (bun run test/lint/build).
    * Sanitization: Absent; no validation or escaping of external content before processing is mentioned.
  • [COMMAND_EXECUTION]: The validation phase instructs agents to execute commands like 'bun run test' defined in local project configuration files. This could result in executing malicious code if those files have been tampered with.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 26, 2026, 01:34 AM
Security Audit — agent-trust-hub — plan