playbook-architect
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute standard diagnostic commands such as 'ls', 'wc', and 'grep' for file discovery and line counting. These commands are hardcoded for inventory purposes and do not involve the execution of untrusted external scripts.
- [PROMPT_INJECTION]: The skill demonstrates a vulnerability surface for indirect prompt injection (Category 8) as it is designed to read and process potentially untrusted content from other agent files.
- Ingestion points: Processes internal agent files including 'CLAUDE.md', skill definitions in '.claude/skills/', and legacy commands.
- Boundary markers: Lacks explicit delimiters or instruction isolation when processing ingested file content.
- Capability inventory: Utilizes powerful tools including 'Write', 'Edit', and 'Bash' to perform its structural upgrades.
- Sanitization: Implements an essential human-in-the-loop safety mechanism by requiring user confirmation via 'AskUserQuestion' before any modifications are finalized.
Audit Metadata