verify
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by design, as it interprets and passes untrusted instructions from a manifest file to other agents.
- Ingestion points: The skill reads and processes the manifest file (
<manifest-file-path>), execution logs (<execution-log-path>), and discovery logs provided via arguments or found in the environment. - Boundary markers: The instructions in
SKILL.mdexplicitly mandate passing the manifest'sprompt:orcommand:fields "verbatim" and forbid the orchestrator from adding its own framing, opinions, or severity thresholds. There are no delimiters or instructions to subagents to ignore potentially malicious embedded content within the manifest data. - Capability inventory: The skill is capable of spawning various subagents, including
criteria-checkeragents and routing tobashorcodebaseverifiers, which could lead to code execution if those agents are misled by malicious manifest content. - Sanitization: No sanitization, validation, or escaping of the manifest-provided text is performed before it is interpolated into subagent prompts.
Audit Metadata