rules-eval
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
Tags: PROMPT_INJECTION, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted markdown files from the '.claude/rules/' directory, which could contain malicious instructions designed to subvert the agent's evaluation logic.
- Ingestion points: Markdown files located in the '.claude/rules/' directory and its subdirectories.
- Boundary markers: The documentation does not specify the use of delimiters or 'ignore instructions' directives to isolate external rule content from the agent's logic.
- Capability inventory: The skill involves reading local files and potentially executing a referenced Python script for validation.
- Sanitization: No evidence of content sanitization or filtering for the ingested rule data is present in the provided modules.
- [NO_CODE]: The provided skill files consist entirely of Markdown documentation and modular guidance.
- Evidence: While the documentation references a 'scripts/rules_validator.py' tool, the script itself is not included in the provided package.
Audit Metadata