think
Warn
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to execute shell commands to verify the environment and determine the project root. Evidence:
pwd,git rev-parse --show-toplevel.- [CREDENTIALS_UNSAFE]: The skill instructs the agent to open and read sensitive environment configuration files to extract values for planning. Evidence: Instructions to access.envand other configuration files likepake.jsonortauri.conf.jsonto 'lift the live value'.- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by design, as it incorporates and prioritizes instructions found in unverified local files. - Ingestion points: Reads instructions from
AGENTS.md,CLAUDE.md,.claude/rules/*.md, and user-provided memory paths. - Boundary markers: Absent; the skill is instructed to follow rules found in these files and surface contradictions rather than ignoring them.
- Capability inventory: Shell command execution (
pwd,git) and broad filesystem read access across the project directory. - Sanitization: No sanitization or validation is performed on the content ingested from the local instruction files.
Audit Metadata