specify
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill incorporates an attack surface for indirect prompt injection through its data ingestion and synthesis workflow.
- Ingestion points: The skill accepts untrusted user input via the description argument ($ARGUMENTS) and ingests findings from external research subagents in the 'Research' phase (SKILL.md).
- Boundary markers: There are no explicit instructions or delimiters defined to separate user/agent data from the synthesis instructions or to prevent the agent from obeying instructions embedded within that data.
- Capability inventory: The skill has permissions to write and edit files within the
.start/anddocs/directories (SKILL.md), potentially allowing injected instructions to modify persistent project documentation. - Sanitization: The skill lacks explicit sanitization or validation of the findings collected from specialist agents before they are processed and written to disk.
Audit Metadata