audit-rules
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection (Category 8) because it ingests untrusted data from various agent configuration files (e.g., AGENTS.md, CLAUDE.md) and uses that data to generate modification suggestions.
- Ingestion points: Multiple project-level instruction files such as AGENTS.md, CLAUDE.md, and GEMINI.md are read directly into the agent's context.
- Boundary markers: No delimiters or isolation techniques are employed to prevent the agent from following instructions embedded within the files being audited.
- Capability inventory: The skill has the ability to write to the local filesystem to apply rule improvements.
- Sanitization: There is no evidence of sanitization or validation of the ingested text before it is processed.
- [COMMAND_EXECUTION]: The skill includes functionality to modify project files. While the workflow includes a confirmation step ('Ask Whether to Improve'), an agent could be influenced by injected instructions to propose changes that the user might inadvertently approve, potentially leading to the modification of critical configuration or the introduction of malicious rules.
Audit Metadata