do
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs shell command execution for both telemetry logging and project management. It invokes a project-local Node.js script located at
.citadel/scripts/telemetry-log.cjsand triggers standard project-specific commands likebuild,test, andtypecheckbased on Tier 0 pattern matching inSKILL.md.- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it acts as a gateway for arbitrary user input to be passed to other orchestrators and tools. While it performs classification, it lacks explicit sanitization or boundary delimiters for the interpolated strings. - Ingestion points: User input passed to the
/do [anything]entry point inSKILL.md. - Boundary markers: Absent; user input is routed directly to target tools.
- Capability inventory: Local file system access (read/write), shell command execution via Node.js, and capability to invoke secondary skills.
- Sanitization: Absent; the skill relies on destination tools for input handling.
Audit Metadata