day3-clarify

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Executes shell commands including git for repository management, gh for Pull Request submission, and npx for installing curriculum-related skills. These actions are aligned with the primary educational purpose.
  • [EXTERNAL_DOWNLOADS]: Uses curl to retrieve documentation and employs npx and /plugin commands to fetch skills and plugins from the vendor's repository.
  • [PROMPT_INJECTION]: Ingests untrusted user requirements in references/block1-experience-vague.md and templates/clarify-vague.md. While explicit boundary markers are not used, the risk is mitigated by a structured multi-turn protocol and a mandatory verification step for PRD content before GitHub submission.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 3, 2026, 11:27 AM