session-palace-builder
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface identified. The skill is designed to ingest and organize external session data without explicit security boundaries.
- Ingestion points: Processes 'Conversations', 'Research', and 'Code' artifacts from the session context (documented in SKILL.md).
- Boundary markers: Absent; the skill does not implement delimiters or instructions for the agent to ignore commands embedded in session data.
- Capability inventory: Includes shell command execution via documented 'make' commands.
- Sanitization: Absent; no evidence of data validation or escaping before processing session content.
- [COMMAND_EXECUTION]: The documentation instructs the agent or user to execute 'make build', 'make clean', and 'make test' to verify functionality. This creates a command execution surface that relies on the contents of an external Makefile.
- [COMMAND_EXECUTION]: The troubleshooting section suggests running with 'appropriate privileges' when encountering permission errors, which encourages the use of elevated permissions (e.g., sudo) without documenting the associated risks.
Audit Metadata