domain-context
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by directing the agent to 'silently' load and 'trust' instructions contained within external workspace documentation files.
  - Ingestion points: The agent is instructed to read the Domain Registry from `CLAUDE.md` and subsequently read individual `README.md` files from identified domain paths.
  - Boundary markers: The skill lacks explicit boundary markers or instructions to the agent to ignore potentially malicious commands embedded in the README files.
  - Capability inventory: The skill utilizes file-reading capabilities to aggregate documentation content from the filesystem.
  - Sanitization: No sanitization, validation, or filtering is performed on the content of the documentation files before it is processed by the agent.
Audit Metadata