Confidence: Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFE
Finding categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill directly interpolates user input from $ARGUMENTS into operational instructions in SKILL.md, creating a surface for direct prompt injection that could override evaluation logic.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted 'current work' (code and plans). Ingestion points: Untrusted plans and code enter the context via the analysis logic in SKILL.md. Boundary markers: The instructions lack delimiters to isolate external content. Capability inventory: The skill has the ability to modify files and execute plans in Fix Mode. Sanitization: No validation or escaping of external content is present.
- [COMMAND_EXECUTION]: In Fix Mode, the skill instructs the agent to autonomously execute generated plans to modify the codebase in SKILL.md, presenting a risk of unauthorized or harmful changes if the agent's reasoning is compromised.
Audit Metadata