principle-redesign-from-first-principles

Warn

Audited by Gen Agent Trust Hub on Jul 10, 2026

Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill explicitly instructs the agent to override its default operational workflows and model configurations.
  • Evidence: "Apply these overrides before following the original workflow:"
  • Evidence: "Replace upstream Composer, Claude Opus, and other panel defaults with Codex gpt-5.6-sol..."
  • [COMMAND_EXECUTION]: The instructions direct the agent to launch external workers and execute CLI tools that are not provided within the skill package, posing a risk of executing unverified or malicious local binaries.
  • Evidence: "In Claude Code, launch Codex CLI workers using the installed pstack skill spawn-codex-worker script or direct codex exec."
  • Evidence: "Use the host terminal, browser, review, subagent, and git tools directly."
  • [PROMPT_INJECTION]: The skill references non-existent or hallucinated model versions (e.g., "gpt-5.6-sol"), which is a pattern often associated with deceptive prompts or jailbreak attempts designed to bypass standard safety/capability configurations.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jul 10, 2026, 04:46 PM