rules-from-coding-agent-failures
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an Indirect Prompt Injection surface by ingesting and processing failure logs to generate system-level rules.
- Ingestion points: The promote workflow reads failure descriptions from files in 'docs/reflection-log/', which are considered untrusted input.
- Boundary markers: The skill implements a 'W1 floor' requiring at least three separate entries before action and mandates explicit user confirmation for all changes.
- Capability inventory: The skill can modify 'AGENTS.md' and create new executable hooks or CI gates.
- Sanitization: The workflow relies on manual human review of proposed instructions rather than automated sanitization of log content.
Audit Metadata