do
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill's primary function is to ingest and follow instructions from manifest files, execution logs, and reference files to perform tasks.
- Ingestion points: Manifest files (passed via
$ARGUMENTS), execution log files, and behavioral mode files (e.g.,references/execution-modes/thorough.md). - Boundary markers: The instructions do not define boundary markers or 'ignore' commands to isolate external manifest data from the agent's core instructions.
- Capability inventory: The skill uses
Bash(shell execution),Read,Write, andEdittools, and calls other skills such as/verify,/define, and/escalate. - Sanitization: There is no evidence of sanitization or validation of the content within the manifest files before execution.
- [COMMAND_EXECUTION]: The skill is designed to perform work through shell commands (
Bash) and file system modifications, including navigating between different repositories using absolute paths.
Audit Metadata