feature-spec
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a potential surface for indirect prompt injection because it is designed to ingest and process data from external files (vision and requirements documents) that may be controlled by third parties.
  - Ingestion points: The skill explicitly reads from vision.md and requirements.md, and examines the codebase in the backend/ and frontend/ directories.
  - Boundary markers: The instructions do not specify any delimiters around the ingested content, nor any warning to ignore instructions that might be embedded within the project's vision or requirements documents.
  - Capability inventory: The skill is primarily focused on document generation and has restricted capabilities; it lacks network access or the ability to execute arbitrary commands, as indicated by the disable-model-invocation: true setting in its metadata.
  - Sanitization: No sanitization or validation logic is applied to the ingested content before it is processed by the agent.
Audit Metadata