facts-implement
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill processes instructions and requirements from external '.facts' files, creating a vulnerability where an attacker could embed malicious commands or override instructions within the specification.
  - Ingestion points: The agent loads specifications using the 'facts list' and 'facts check' commands (SKILL.md).
  - Boundary markers: There are no explicit markers or instructions provided to the agent to distinguish between its core instructions and the external data found in the fact sheets.
  - Capability inventory: The agent is authorized to modify the codebase and execute validation commands as part of the implementation lifecycle.
  - Sanitization: No sanitization or verification process for the content of the external fact labels or commands is described.
- [COMMAND_EXECUTION]: The skill directs the agent to execute 'validation commands' defined in the external fact sheet. This allows for arbitrary command execution on the host system if the specification file is malicious or compromised.
Audit Metadata