the-ledger
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell commands to establish its local storage structure within the target project.
- Evidence: Executes
mkdir -p docs/gangsta/insights docs/gangsta/failsin SKILL.md. - [PROMPT_INJECTION]: The skill architecture relies on reading and following 'Commandments' and 'Negative Constraints' stored in local markdown files. This creates a surface for indirect prompt injection if an attacker can influence the content of these files in the project repository.
- Ingestion points: The skill reads configuration and behavioral rules from
docs/gangsta/(referenced in SKILL.md). - Boundary markers: Uses markdown headers like
## Negative Constraintsto delimit sections, but does not provide specific instructions to ignore malicious payload text within those sections. - Capability inventory: The skill has the capability to write to the file system and instructs the agent to treat identified constraints as binding laws for all future actions.
- Sanitization: No sanitization, validation, or escaping of the content read from the files is mentioned in the instructions.
Audit Metadata