project-brief

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
Finding category: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It ingests data from external technical specification files which may contain hidden instructions designed to manipulate the agent's behavior during the summarization process.
  • Ingestion point: Reads content from a technical spec file identified via $ARGUMENTS or direct input.
  • Boundary markers: The instructions for the subagent do not include delimiters (e.g., XML tags or triple backticks) to separate instructions from the data, nor do they include warnings to ignore instructions embedded within the spec.
  • Capability inventory: The skill utilizes the Read, Write, and Agent tools, allowing it to modify the filesystem based on the processed text.
  • Sanitization: There is no evidence of sanitization or validation of the input specification content before it is passed to the LLM.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 20, 2026, 07:24 PM