governance-evolution-protocol
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests data from external markdown files, such as
phase-4-ingestion-report.md, which could potentially contain malicious instructions intended to influence the agent's behavior. - Ingestion points: The skill reads five specific markdown files from a local working directory as part of its operational flow.
- Boundary markers: There are no explicit delimiters or system instructions provided to the agent to distinguish between the skill's instructions and potentially adversarial content within the ingested reports.
- Capability inventory: The skill allows access to high-privilege tools including
Bash,Write, andEdit. - Sanitization: No sanitization or content validation is performed on the data read from the local reports before it is processed.
- [COMMAND_EXECUTION]: The skill explicitly allows the use of the
Bashtool. While used in this context for auditing and file management, the presence of shell access increases the capability surface of the skill. - [DATA_EXFILTRATION]: The skill performs read operations on several files within the user's project directory (
substrate-context.md,phase-1-landscape-report.md, etc.). This access is necessary for its stated function of generating a governance charter, but it constitutes a broad read surface within the specified working directory.
Audit Metadata