agents-md
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill generates instruction files that override default agent behavior using 'non-negotiable' principles and operational defaults like 'Caveman Communication'. These instructions are designed to be persistent and enforced across future workspace sessions.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting external workspace data to populate instruction files.
- Ingestion points: Folder names from `.code-workspace` files and filesystem directory structures are read to build the Project Matrix.
- Boundary markers: No specific delimiters or instructions to ignore embedded commands are wrapped around project names when they are written to AGENTS.md.
- Capability inventory: The agent identifies file structures and tech stacks and writes markdown files to the local filesystem.
- Sanitization: Project identifiers ('codes') are normalized to uppercase alphanumeric characters with hyphens, which provides some sanitization, but full project names are inserted with only minor cleanup (trimming and icon removal).
Audit Metadata