Skills
skills/laurigates/claude-plugins/blueprint-derive-rules/Gen Agent Trust Hub

blueprint-derive-rules

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes untrusted data from git commit logs to establish system rules.
  • Ingestion points: Commit messages and bodies read via git log in SKILL.md (Steps 3 and 4).
  • Boundary markers: No delimiters or isolation techniques are employed to separate external commit data from internal instructions.
  • Capability inventory: The skill uses Bash for command execution and Write for file modification (including the ability to define output paths via docs/blueprint/manifest.json).
  • Sanitization: The instructions do not specify any sanitization or validation for content extracted from git history before it is used in logic or shell commands.
  • [COMMAND_EXECUTION]: The execution workflow uses shell commands (Step 4, Step 7) that interpolate variables derived from the processed git history.
  • Risk: Shell metacharacters in commit messages could cause unintended command execution when passed to tools like grep or jq via the Bash tool.
  • [SAFE]: Usage of the dynamic context injection syntax (!command) is limited to benign local discovery commands (e.g., git rev-parse, find) and does not present a high risk in this implementation.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 04:17 PM
Security Audit — agent-trust-hub — blueprint-derive-rules