principle-redesign-from-first-principles
Warn
Audited by Gen Agent Trust Hub on Jul 10, 2026
Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill explicitly instructs the agent to override its default operational workflows and model configurations.
- Evidence: "Apply these overrides before following the original workflow:"
- Evidence: "Replace upstream Composer, Claude Opus, and other panel defaults with Codex gpt-5.6-sol..."
- [COMMAND_EXECUTION]: The instructions direct the agent to launch external workers and execute CLI tools that are not provided within the skill package, posing a risk of executing unverified or malicious local binaries.
- Evidence: "In Claude Code, launch Codex CLI workers using the installed pstack skill spawn-codex-worker script or direct codex exec."
- Evidence: "Use the host terminal, browser, review, subagent, and git tools directly."
- [PROMPT_INJECTION]: The skill references non-existent or hallucinated model versions (e.g., "gpt-5.6-sol"), which is a pattern often associated with deceptive prompts or jailbreak attempts designed to bypass standard safety/capability configurations.
Audit Metadata