do

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill's primary function is to ingest and follow instructions from manifest files, execution logs, and reference files to perform tasks.
  • Ingestion points: Manifest files (passed via $ARGUMENTS), execution log files, and behavioral mode files (e.g., references/execution-modes/thorough.md).
  • Boundary markers: The instructions do not define boundary markers or 'ignore' commands to isolate external manifest data from the agent's core instructions.
  • Capability inventory: The skill uses Bash (shell execution), Read, Write, and Edit tools, and calls other skills such as /verify, /define, and /escalate.
  • Sanitization: There is no evidence of sanitization or validation of the content within the manifest files before execution.
  • [COMMAND_EXECUTION]: The skill is designed to perform work through shell commands (Bash) and file system modifications, including navigating between different repositories using absolute paths.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 07:38 AM
Security Audit — agent-trust-hub — do