prompt-engineer
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides templates for shell commands using PowerShell and Node.js. These are intended for use in AI agent lifecycle hooks (such as PreCompact or SessionEnd) to preserve project state by reading local files like `_memory/progress.md` and `HANDOFF.md`. These operations are limited to the local project environment for state management.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it ingests project-specific data to generate architecture and configuration files.
  - Ingestion points: Reads existing `package.json`, `CLAUDE.md`, and session memory files (`_memory/*.md`).
  - Boundary markers: Utilizes structured Markdown headers and tables to delimit content.
  - Capability inventory: Capable of generating and writing configuration files and recommending shell commands for lifecycle automation.
  - Sanitization: Relies on structural formatting; explicit sanitization logic for ingested data is not defined in the provided references.
- [SAFE]: The skill follows security best practices by recommending deterministic enforcement (hooks/scripts) over pure prompt instructions. No credentials, external downloads from untrusted sources, or persistence mechanisms were identified.
Audit Metadata