recipe-review
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted project data.
- Ingestion points: Untrusted content from Design Documents (identified via $ARGUMENTS) and implementation files (retrieved via git diff) is incorporated into agent context in SKILL.md.
- Boundary markers: There are no clear delimiters or instructions provided to sub-agents to ignore potentially malicious directions embedded within the processed files.
- Capability inventory: The skill possesses significant capabilities, including the ability to write task files to the local file system (docs/plans/tasks/) and execute code modifications via the task-executor sub-agent.
- Sanitization: No sanitization or validation of external content is performed before it is interpolated into the prompts for the reviewer and executor sub-agents.