prototype
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
Bashtool to execute dynamically generated prototype code and collect metrics (Phase 4). While scoped to a prototype directory, this allows for the execution of any code the agent generates based on user input. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted user input to guide script generation and execution with 'intentionally relaxed' standards.
- Ingestion points: User-supplied
concept-descriptionargument (Phase 1). - Boundary markers: None; the skill does not use specific delimiters or instructions to ignore embedded commands within the concept description.
- Capability inventory: The skill has access to
Bash,Write,Edit, andTasktools, enabling it to write files, execute shell commands, and spawn other agents. - Sanitization: No evidence of input validation or sanitization before the description is used to influence code implementation.
- [COMMAND_EXECUTION]: The skill uses user input (
concept-name) directly in file system paths (prototypes/[concept-name]/). Without proper sanitization by the agent, this could lead to path traversal attempts, although theisolation: worktreesetting provides some environment restriction.
Audit Metadata