Skills
skills/ulpi-io/skills/start/Gen Agent Trust Hub

start

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill uses aggressive instructional language to override the AI agent's standard operating procedures and safety guidelines. It defines a 'MANDATORY FIRST RESPONSE PROTOCOL' and uses forceful phrases such as 'ABSOLUTELY MUST,' 'not negotiable,' and 'not optional' to compel the agent to prioritize these instructions over its internal logic and previously defined constraints.\n- [PROMPT_INJECTION]: The skill implements an automated discovery mechanism that scans the file system for other skill definitions (.claude/skills/*/SKILL.md) using the Glob tool and reads their content, creating a surface for indirect prompt injection.\n
  • Ingestion points: SKILL.md (Discovery Process) and references/discovery.md utilize Glob and Read to ingest content from arbitrary local skill files.\n
  • Boundary markers: The skill lacks delimiters or 'ignore embedded instructions' warnings when processing these discovered files.\n
  • Capability inventory: The agent has the ability to invoke discovered skills via the Skill tool, delegate tasks to sub-agents via the Task tool, and modify project configuration files via the Edit tool (specifically CLAUDE.md).\n
  • Sanitization: No sanitization, escaping, or validation is performed on the content of the discovered skill files before the agent is instructed to follow them.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 1, 2026, 06:52 PM