pipeline-retro
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and analyzes data from external sources, specifically test runner reports (manifest.json, content.md) and generated SKILL.md files. If an attacker can control the output of a test or the content of a researched domain, they could embed instructions that manipulate the agent's root cause analysis and lead it to apply malicious changes to the generator logic.
- Ingestion points: The skill reads test logs, pipeline specifications, and skill files from the skills/ directory.
- Boundary markers: The instructions lack explicit delimiters or safety headers to separate ingested data from the agent's core logic.
- Capability inventory: The skill uses the Bash, Write, Edit, and Agent tools to modify its own architecture rules and templates, and to re-invoke other agents.
- Sanitization: There is no documented validation or sanitization process for data extracted from failure traces before it is used to propose generator fixes.
Audit Metadata