Ideate
Pass
Audited by Gen Agent Trust Hub on Jun 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Every workflow file (
Dream.md,FullCycle.md,Mate.md,QuickCycle.md,Steal.md,Test.md) includes instructions to executecurlcommands. These commands perform POST requests tohttp://localhost:31337/notifyto provide local status notifications. - [COMMAND_EXECUTION]: The skill maintains an execution log by appending JSON-formatted entries to
~/.claude/PAI/MEMORY/SKILLS/execution.jsonlusing theechocommand and shell redirection at the conclusion of each workflow. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality of ingesting and iteratively processing untrusted external data.
- Ingestion points: Untrusted content enters the system during the CONSUME and STEAL phases, which invoke the
Researchskill to gather information from external domains and patterns (Workflows/FullCycle.md,Workflows/Steal.md). - Boundary markers: The instructions do not define the use of delimiters or 'ignore' instructions when presenting researched data to subsequent agent phases (DREAM, MATE, etc.).
- Capability inventory: The system can perform network requests (
curl), file writes (echo), and invoke various other skills and tools. - Sanitization: There is no evidence of sanitization, validation, or escaping of the external content before it is interpolated into agent prompts throughout the evolutionary loop.
Audit Metadata