clarify

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE
Findings: DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill instructions direct the agent to 'check the codebase' and 'obvious project conventions', specifically mentioning sensitive file paths like .env. While intended to resolve naming conventions and project structure, reading these files exposes sensitive configuration data to the agent context.
  • [PROMPT_INJECTION]: The skill processes untrusted user input (the 'messy ask') to generate executable output, creating a surface for indirect prompt injection where malicious input could influence the agent's reasoning or the final prompt deliverable.
    • Ingestion points: User input captured via the skill's primary argument hint.
    • Boundary markers: The skill uses a structured "Final prompt:" heading to separate the generated artifact from the conversation.
    • Capability inventory: The skill allows for file system reading (context gathering), file writing (saving prompts), and shell command execution (executing the final prompt).
    • Sanitization: No specific sanitization or validation of the user's input is performed before it is incorporated into the prompt refinement process.
  • [COMMAND_EXECUTION]: The workflow offers an 'Execute it now' option, which allows for the immediate execution of generated scripts or instructions. This is mitigated by a required user confirmation step at the end of the interview process.
Audit Metadata
Risk Level: SAFE
Analyzed: May 15, 2026, 10:52 AM
Security Audit — agent-trust-hub — clarify