discipline
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
Flags: PROMPT_INJECTION, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill includes explicit instructions for the agent to "override default agent behavior wherever they conflict," which is a technique used to prioritize skill instructions over the agent's base safety and operational guidelines.
- [DATA_EXPOSURE_AND_EXFILTRATION]: The instructions direct the agent to access potentially sensitive system data, specifically mentioning the inspection of system logs (journalctl, container logs) and the reading of internal project files for debugging and investigation.
- [INDIRECT_PROMPT_INJECTION]: The skill establishes a workflow where the agent is encouraged to ingest and act upon data from external sources within the local environment.
  - Ingestion points: The agent is directed to read from the local codebase, git history, and system logs (journalctl).
  - Boundary markers: There are no instructions provided to delimit untrusted data from system instructions or to ignore embedded commands within the files being read.
  - Capability inventory: The skill utilizes file system access, git status/logging, and shell command execution for its operational checks.
  - Sanitization: No sanitization or validation mechanisms are specified for handling the content retrieved from logs or files before the agent processes it.
Audit Metadata