think
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
Tags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns were identified. The skill implements security best practices for data handling, specifically warning the agent to treat external data as untrusted.
- [COMMAND_EXECUTION]: The skill executes a local shell script at `~/.claude/skills/nanostack/bin/save-artifact.sh` to persist strategic summaries. This is an internal state-management function using a path consistent with the skill's ecosystem.
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection when ingesting user ideas and external search results. This is proactively mitigated by explicit instructions to treat all external content as data, extract facts only, and ignore any embedded directives.
  - Ingestion points: User project descriptions (Phase 1) and external search results for prior art (Phase 1.5).
  - Boundary markers: Explicit instructional blocks in `references/search-before-building.md` defining data/instruction separation.
  - Capability inventory: Local shell command execution (`save-artifact.sh`) and transition to subsequent build skills.
  - Sanitization: Clear instructions for the agent to filter external content and disregard embedded commands.
Audit Metadata