requirement-analyzer
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted user data as part of its primary analysis workflow, creating a potential surface for indirect prompt injection (Category 8).
  - Ingestion points: The skill explicitly instructs the agent to read and understand 'preliminary requirement materials' (e.g., meeting minutes, competitor analysis) provided by the user in the '前置准备' (Preparation) section of SKILL.md.
  - Boundary markers: There are no specified delimiters or instructions to treat external content as data only, nor are there warnings to ignore embedded agent instructions within that content.
  - Capability inventory: The skill allows the agent to read local files and write generated documentation to a local directory defined by the output_dir parameter.
  - Sanitization: The methodology does not include steps for sanitizing or validating the input data before it is incorporated into the structured analysis templates.
Audit Metadata