recipe-reverse-engineer
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it orchestrates the processing of untrusted data from a codebase.
- Ingestion points: Untrusted data enters the agent context from the directory or module specified in
$USER_TARGET_PATHduring the scope discovery and document generation phases (SKILL.md). - Boundary markers: The instructions do not define boundary markers (such as XML tags or specific delimiters) or provide warnings to the sub-agents to ignore instructions embedded within the codebase content.
- Capability inventory: The workflow involves multiple sub-agents (
scope-discoverer,prd-creator,technical-designer) that perform deep investigation of code files. The orchestrator is designed to pass data between these agents 'as-is' without filtering (SKILL.md). - Sanitization: No sanitization, validation, or escaping of the codebase content is performed before it is interpolated into the prompts for the various sub-agents.
Audit Metadata