skills/jazz1x/honne/crush/Gen Agent Trust Hub

crush

Pass

Audited by Gen Agent Trust Hub on May 22, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [SAFE]: No malicious patterns, obfuscation, or unauthorized access attempts were identified. The skill operates within its described scope using local files and tools.
  • [COMMAND_EXECUTION]: The skill executes a local utility script at ${CLAUDE_PLUGIN_ROOT}/scripts/honne to check for the existence of required persona files. This is a standard use of project-specific tooling.
  • [PROMPT_INJECTION]: The skill ingests user-defined content from local files to guide the AI's persona behavior, creating a surface for indirect prompt injection.
  • Ingestion points: Step 3 reads content from .honne/personas/antipattern.md, .honne/personas/signature.md, and .honne/personas/judge.md.
  • Boundary markers: None; the content is mentally applied as system instructions for the duration of the debate rounds.
  • Capability inventory: The skill can execute the local honne script and read local files.
  • Sanitization: No sanitization or escaping is performed on the ingested persona content.
Audit Metadata
Risk Level
SAFE
Analyzed
May 22, 2026, 03:47 AM
Security Audit — agent-trust-hub — crush