implement-direct
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from repository files (requirements.md, solution.md, AGENTS.md) and user-provided briefs which are subsequently used to prompt sub-agents. This creates a surface for indirect prompt injection.
- Ingestion points: The workflow reads project documentation and user arguments to build the context for sub-agent delegation.
- Boundary markers: The skill instructions do not explicitly mandate the use of delimiters or instruction-ignore warnings to separate ingested content from the orchestrator's instructions to sub-agents.
- Capability inventory: Reading local files, managing task lists, spawning sub-agents, and executing validation tools.
- Sanitization: No content sanitization or validation of the data read from external files is described before it is interpolated into prompts.
Audit Metadata