framework-initiative

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill instructs the agent to treat documentation as the 'least trusted' source and explicitly states that documentation is 'not an obligation.' This logic encourages the agent to potentially ignore or down-weight instructions provided in the prompt context (which the agent may categorize as documentation) if it perceives them as conflicting with its analysis of the local codebase.
  • [COMMAND_EXECUTION]: The framework includes specific instructions for using shell commands such as grep and find to perform code dependency analysis. These commands allow the agent to read and search through the local file system.
  • [PROMPT_INJECTION]: The dependency analysis workflow requires reading local source code, which introduces a surface for indirect prompt injection where malicious instructions embedded in code comments could influence agent behavior.
    • Ingestion points: Source code content read via grep and find commands as described in references/impact-analysis.md and references/star-framework.md.
    • Boundary markers: The skill lacks instructions for the agent to distinguish between legitimate code logic and embedded natural language instructions or comments in the files being analyzed.
    • Capability inventory: The agent utilizes file system read capabilities via standard shell commands (grep, find) and potentially version control tools (git).
    • Sanitization: There is no mention of sanitizing, escaping, or validating the content retrieved from the files before the agent processes it for decision-making.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 20, 2026, 11:25 AM