rigorous-execution
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill mandates that the agent autonomously generates and executes verification code (such as tests, assertions, or trial runs) before declaring a task complete. This behavior increases the risk of executing flawed or malicious logic generated during a session. Evidence: Found in SKILL.md section 4: "must leave behind one runnable piece of evidence — a small test, an assert block, or a trial run with output. Run it before declaring completion."
- [PROMPT_INJECTION]: The skill creates a significant surface for indirect prompt injection by instructing the agent to ingest and act upon external files and tool outputs without implementing boundary markers or instructions to ignore embedded commands.
- Ingestion points: The skill specifies reading local files and tool outputs as primary sources of context (SKILL.md: "Read the file before editing it", "Anything a tool can answer... answer it with the tool").
- Boundary markers: Absent. There are no instructions to use delimiters or ignore instructions found within processed files.
- Capability inventory: The agent is granted capabilities to read files, edit files, and execute generated code/tests.
- Sanitization: Absent. No sanitization, escaping, or validation of external content is required before the agent processes or executes tests against it.
Audit Metadata