Gen Agent Trust Hub audit: prime (skills/htlin222/dotfiles/prime)

Result: Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE (findings reviewed: PROMPT_INJECTION, COMMAND_EXECUTION)

Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from the codebase being analyzed.
      ◦ Ingestion points: Reads README.md, ai_docs/cc_hooks_docs.md, and ai_docs/uv-single-file-scripts.md to provide context to the agent.
      ◦ Boundary markers: Absent. The instructions do not specify any delimiters or safety warnings to prevent the agent from obeying instructions embedded within these files.
      ◦ Capability inventory: The skill's instructions are limited to file system exploration (git ls-files, eza). No high-risk capabilities such as network access or file modification are requested.
      ◦ Sanitization: Absent. Content from project files is loaded directly into the context without escaping or validation.
  • [COMMAND_EXECUTION]: The skill uses dynamic context injection to execute shell commands when the skill is loaded.
      ◦ Evidence: !git ls-files and !eza . --tree in SKILL.md.
      ◦ Analysis: These commands are used to automatically populate the agent's context with the project's file structure. They are benign, read-only operations typical of developer-focused onboarding tools and do not take untrusted user input as arguments.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 2, 2026, 03:31 PM