woo-sailor
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill directly interpolates user-provided arguments ($0, $1, $ARGUMENTS) into the prompt structure within XML tags. An attacker could provide crafted input containing closing tags (e.g., ) to break out of the intended template and inject arbitrary instructions to the agent.
- [PROMPT_INJECTION]: The skill identifies and processes project configuration and rule files as untrusted data, creating an indirect prompt injection surface.
  - Ingestion points: Files matching patterns such as **/SKILL.md, **/CLAUDE.md, and **/AGENT.md are targeted for processing.
  - Boundary markers: No delimiters or 'ignore embedded instructions' warnings are used when the sub-agent is instructed to process these files.
  - Capability inventory: The delegated sub-agent (process-siren) has the capability to perform 'in-place' file system modifications.
  - Sanitization: The skill does not perform validation or filtering of the content within the target files before they are processed for optimization.
Audit Metadata