user-customization
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by instructing agents to prioritize instructions stored in a local markdown file.
  - Ingestion points: The agent is explicitly directed to check the .trae/USER_PREFERENCES.md file before answering, as specified in the SKILL.md and AGENTS.md files.
  - Boundary markers: No delimiters or safety instructions are defined to help the agent distinguish between user-defined preferences and malicious prompt overrides within the configuration file.
  - Capability inventory: The 'Configuration Assistant' agent is equipped with a 'Write' tool to modify the local filesystem, which other agents then read for behavioral guidelines.
  - Sanitization: The skill does not perform any validation or sanitization on the content of the preferences file to prevent the inclusion of harmful instructions or prompt injection payloads.
Audit Metadata