team
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE (finding tag: PROMPT_INJECTION)
Full Analysis
- [PROMPT_INJECTION]: The skill implements an architecture that loads and executes instructions from external persona files, creating a surface for indirect prompt injection. Adversarial content in these files could potentially override the skill's logic or safety guidelines.
  - Ingestion points: Local persona files loaded from /Users/nke/.claude/personas/*.md into the agent context.
  - Boundary markers: Absent. The skill does not utilize delimiters or specific instructions to isolate the persona content from the primary agent instructions.
  - Capability inventory: The skill uses web_search and exa in Phase 3, and grants access to ALL_TOOLS during the implementation phase (Phase 5).
  - Sanitization: Absent. There is no evidence of content validation or escaping for the persona files before they are processed.
- [SAFE]: The SKILL.md file contains a hardcoded absolute path (/Users/nke/.claude/personas/*.md) that assumes a specific user profile ('nke'). This is a development oversight that impacts portability but does not present a malicious intent or direct security vulnerability.
Audit Metadata