wayfinder
Pass
Audited by Gen Agent Trust Hub on Jul 4, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from an external issue tracker.
- Ingestion points: As described in the 'Work through the map' section, the agent loads the 'map' issue and retrieves the full body of specific 'ticket' issues, including comments.
- Boundary markers: Absent. The instructions do not define any delimiters or system-level prompts to treat the retrieved issue content as data rather than instructions.
- Capability inventory: The skill has the ability to read, create, assign, and close issues in a repository. It also delegates tasks to other skills like
/prototype, which is described as having the capability to write UI and logic code. - Sanitization: Absent. There is no logic for filtering, escaping, or validating the content pulled from the issue tracker before it is processed by the agent.
Audit Metadata