performance
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [Prompt Injection] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8c) through its 'Project-Specific Learnings' feature. Evidence Chain: 1. Ingestion points: The agent is instructed to read content from .specweave/skill-memories/performance.md via a Bash command. 2. Boundary markers: There are no instructions to the agent to ignore or delimit potentially malicious instructions within that file. 3. Capability inventory: The agent has Bash, Read, and Grep capabilities which could be exploited if the memory file is poisoned with malicious instructions. 4. Sanitization: No sanitization or validation is performed on the output of the file read.
- [Command Execution] (LOW): The skill requests the Bash tool to interact with the file system for memory persistence. While the specific command (cat) is benign, the presence of the Bash tool increases the risk associated with the prompt injection surface mentioned above.
Audit Metadata