execute
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by processing external decision records to create execution plans without employing boundary markers or sanitization.
  - Ingestion points: The workflow involves reading a decision record file (input of /cs:decide) as specified in the primary Workflow section.
  - Boundary markers: There are no instructions to use delimiters or ignore warnings when reading the input data to prevent embedded instructions from being obeyed.
  - Capability inventory: The skill directs the agent to write output files to the local filesystem at the path ~/.claude/execution/.
  - Sanitization: The instructions lack guidance on validating or escaping content from the decision record before it is interpolated into the final execution plan output.
Audit Metadata