rigorous-execution

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill mandates that the agent autonomously generates and executes verification code (such as tests, assertions, or trial runs) before declaring a task complete. This behavior increases the risk of executing flawed or malicious logic generated during a session. Evidence: Found in SKILL.md section 4: "must leave behind one runnable piece of evidence — a small test, an assert block, or a trial run with output. Run it before declaring completion."
  • [PROMPT_INJECTION]: The skill creates a significant surface for indirect prompt injection by instructing the agent to ingest and act upon external files and tool outputs without implementing boundary markers or instructions to ignore embedded commands.
  • Ingestion points: The skill specifies reading local files and tool outputs as primary sources of context (SKILL.md: "Read the file before editing it", "Anything a tool can answer... answer it with the tool").
  • Boundary markers: Absent. There are no instructions to use delimiters or ignore instructions found within processed files.
  • Capability inventory: The agent is granted capabilities to read files, edit files, and execute generated code/tests.
  • Sanitization: Absent. No sanitization, escaping, or validation of external content is required before the agent processes or executes tests against it.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 09:19 AM
Security Audit — agent-trust-hub — rigorous-execution