custom-agent
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses high-emphasis instructional markers such as 'MANDATORY IMPORTANT MUST ATTENTION' and 'IMPORTANT Task Planning Notes'. These are used to reinforce specific operational workflows (e.g., breaking work into tasks) rather than to bypass parent AI safety guidelines or system constraints.
- [DATA_EXFILTRATION]: The skill accesses local project files in the .claude/agents/ directory using glob and read operations. However, there are no network operations or calls to non-whitelisted domains that would indicate an attempt to exfiltrate this data.
- [INDIRECT_PROMPT_INJECTION]: The skill processes potentially untrusted content when auditing or enhancing third-party agent files.
  - Ingestion points: The skill reads files matching the pattern .claude/agents/*.md in Mode 2 (Audit) and Mode 3 (Enhance).
  - Boundary markers: There are no explicit delimiters or 'ignore embedded instructions' warnings when the skill reads the body of these markdown files.
  - Capability inventory: The skill possesses the capability to Write and Edit files and execute Bash commands (as described in the tool restriction documentation).
  - Sanitization: No sanitization or validation of the agent file content is performed prior to processing it as natural language instructions.
Audit Metadata