devsec-conducting-threat-modeling
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted user data (system descriptions and diagrams) without explicit boundary markers or sanitization.
  - Ingestion points: User-provided architectural context and integration points defined in the 'Understand the System' workflow (SKILL.md).
  - Boundary markers: Absent. The prompt does not utilize delimiters or specific instructions to ignore embedded commands within the user's system description.
  - Capability inventory: The skill can trigger file-writing operations via the 'devsec-saving-report' skill (SKILL.md).
  - Sanitization: There is no logic provided to sanitize or validate the content of the user's description before inclusion in the threat modeling process.
Audit Metadata