ultrawork
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE PROMPT_INJECTION NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill defines a workflow that facilitates indirect prompt injection by design, as it processes potentially untrusted external inputs to guide autonomous execution.
  - Ingestion points: The skill ingests data from repository context, external framework guidance, and internal documentation (e.g., `docs/shared/agent-tiers.md`).
  - Boundary markers: The instructions lack specific boundary markers or "ignore embedded instructions" delimiters for content read from external documentation or repository files.
  - Capability inventory: The skill authorizes shell command execution (`npm run build`, `node --test`, package installs) and local file editing (as seen in the direct-tool lane example).
  - Sanitization: There are no documented procedures for sanitizing or validating external content before it is interpolated into agent instructions.
Audit Metadata