adjust-playbook

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
Finding categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute shell commands including ls, grep, cat, and cp.
  • It targets sensitive local directories such as .claude/skills/ and ~/.claude/skills/ to manage agent instructions.
  • The archiving workflow uses cp -r to create backups of directories, which involves executing shell commands with parameters derived from the environment and arguments.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection.
  • Ingestion points: Instructions for modifications are drawn from $ARGUMENTS and the broader "conversation context," which may include untrusted data from previous agent tasks (e.g., web browsing results).
  • Boundary markers: The workflow does not explicitly define markers to separate trusted instructions from untrusted data within the conversation context.
  • Capability inventory: The skill has the ability to rewrite other agent skills (Edit tool) and execute shell commands (Bash tool).
  • Sanitization: The skill relies on a manual user approval step ("Step 5: Confirm") before applying any changes, which serves as a primary defense against malicious modifications, though the agent itself might still be influenced during the proposal phase.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 11:46 PM