cook-auto-fast
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill instructs the agent to "skip research phase" and operate in "Autonomous mode: no user confirmation," which overrides standard safety protocols and encourages the agent to bypass standard quality gates. It also directs the agent to "skip code review step" during the implementation phase.
- [PROMPT_INJECTION]: An indirect prompt injection surface is present. 1. Ingestion: The skill reads
docs/project-reference/domain-entities-reference.md, which contains auto-injected content. 2. Boundary: It suggests checking for an[Injected: ...]header, which is an insufficient boundary for untrusted data. 3. Capability: The agent has tools for file modification and script execution. 4. Sanitization: No sanitization is performed on the injected content before it enters the context. - [COMMAND_EXECUTION]: The skill executes a project-local script
python .claude/scripts/code_graph. This relies on the integrity of the project environment and could be exploited if malicious scripts are placed in the expected path. - [COMMAND_EXECUTION]: User-supplied
$ARGUMENTSare interpolated into the<tasks>block, allowing unvetted input to define the agent's behavior and task execution list. - [SAFE]: The skill includes "Red Flag Stop Conditions" that mandate user escalation for security-sensitive operations (auth, crypto, PII), providing a necessary safety check against its autonomous implementation strategy.
Audit Metadata