english-mode
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses dynamic context injection (the !command syntax) to execute jq at load time. This is used to read the .claude/features.json file within the project directory to synchronize state.
- [PROMPT_INJECTION]: The skill is vulnerable to prompt injection due to direct interpolation of user input. 1. Ingestion points: The $ARGUMENTS variable in SKILL.md. 2. Boundary markers: The variable is wrapped in double quotes. 3. Capability inventory: The skill utilizes Bash and Read tools to modify project files. 4. Sanitization: There is no validation or filtering of the argument content before it is included in the prompt, allowing an attacker to potentially influence the agent's behavior.
Audit Metadata