skills/agarichan/sefirot/sefirot-plan/Gen Agent Trust Hub

sefirot-plan

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it incorporates external data from $ARGUMENTS and local project files into its document generation process without isolation. Malicious content in these sources could influence the agent's logic or the generated content.
    • Ingestion points: Processes $ARGUMENTS, CLAUDE.md, and documents in the docs/ folder.
    • Boundary markers: No explicit delimiters or instructions are used to separate untrusted data from the system's instructions.
    • Capability inventory: Executes the date command, writes to .env and docs/tasks/, and performs git commits.
    • Sanitization: No sanitization or validation of the input content is performed.
  • [COMMAND_EXECUTION]: The skill executes a system command to generate a timestamped filename.
    • Evidence: Runs TZ=Asia/Tokyo date +%Y%m%d_%H%M to create a prefix for the generated design document.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 11, 2026, 11:28 AM