red-team
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill uses structured instructional templates to guide the agent through complex tasks. It exposes an indirect prompt injection surface because it processes external files for scenario generation. However, it implements persona-based role-playing and constraints to bound the sub-agent behavior, and no attempts to override system safety or extract prompts were found.
  - Ingestion points: Untrusted content from target paths specified in `--target` is read during scenario generation (Step 3) and probe execution.
  - Boundary markers: No explicit delimiters are used in the prompt templates when interpolating external data.
  - Capability inventory: File system access (read/write), spawning background sub-agents, and calling the 'council' skill.
  - Sanitization: No specific sanitization or filtering of external data before interpolation was identified.
- [DATA_EXFILTRATION]: The skill reads files from the local filesystem to analyze documentation or other skills. This access is targeted and limited to the user-provided target path. No sensitive files or credential stores are accessed, and no network operations are present to exfiltrate data.
- [COMMAND_EXECUTION]: Uses standard local commands like `mkdir` and executes the `validate.sh` script. These are routine operations for managing the skill's workspace and performing self-validation. There are no instances of privilege escalation or execution of untrusted code.
Audit Metadata