cheat-status
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute line counting operations via the 'wc -l' command on local files like 'rubric_notes.md'.
- [PROMPT_INJECTION]: An indirect prompt injection surface is identified where malicious instructions could be embedded in the files the skill processes.
  - Ingestion points: The skill reads project-specific files including '.cheat-state.json', 'predictions/*.md', 'candidates.md', and 'rubric_notes.md'.
  - Boundary markers: No explicit delimiters or 'ignore embedded instructions' warnings are present to protect the agent from content inside these files.
  - Capability inventory: The agent has access to 'Bash(*)', 'Read', 'Glob', and 'Grep', which could be leveraged if the agent follows instructions found in the ingested data.
  - Sanitization: There is no evidence of validation or sanitization of the content retrieved from the file system before it is incorporated into the agent's context.
Audit Metadata