Skills
skills/ashe-li/agent-skills/design/Gen Agent Trust Hub

design

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface due to the way it processes external data.
  • Ingestion points: User input ($ARGUMENTS), project file structures (ls, git status), and platform-specific commands (~/.claude/commands/) are ingested and passed to the planner sub-agent in Step 3.
  • Boundary markers: The instructions lack specific boundary markers or delimiters (e.g., XML tags or clear 'ignore' warnings) to prevent the planner agent from obeying instructions embedded within the ingested requirements.
  • Capability inventory: The agent has access to powerful tools such as Bash, Write, Edit, and the ability to spawn sub-agents via the Agent tool.
  • Sanitization: There is no evidence of input validation or sanitization before the data is processed by the planner.
  • Mitigation: The risk is mitigated by a mandatory human-in-the-loop review process (Step 4b) using EnterPlanMode and a quality review step (Step 4a) where a separate sub-agent checks the plan's validity against specific criteria.
Audit Metadata
Risk Level
SAFE
Analyzed
May 4, 2026, 08:28 AM