handoff
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use local tools such as `grep` and `glob`, and to execute a specific Python script at `.claude/scripts/code_graph`. These actions are integrated into the intended workflow for analyzing code structure and dependencies.
- [PROMPT_INJECTION]: The skill uses highly assertive and repetitive language (e.g., "MANDATORY IMPORTANT MUST ATTENTION") to enforce a specific procedural "hard-gate." This is used as a mechanism for process adherence in complex tasks and does not attempt to bypass system safety filters.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by design, as it must ingest and process contents from the codebase.
  - Ingestion points: The skill reads existing files and search output using `grep` and `glob` (SKILL.md).
  - Boundary markers: Absent; the instructions do not specify the use of delimiters or provide warnings to ignore potential instructions embedded within the codebase files.
  - Capability inventory: The agent can execute local scripts, perform file system searches, and write analysis documentation to the `.ai/workspace/analysis/` directory.
  - Sanitization: There is no evidence of input validation or content sanitization for the data read from the local files.
Audit Metadata