shared
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill defines a 'Validation Contract' that establishes an indirect prompt injection surface by instructing agents to execute shell commands provided in task metadata.
  - Ingestion points: Metadata fields such as `command`, `tests`, and `lint` defined in `validation-contract.md`, which are often derived from external issue descriptions.
  - Boundary markers: Absent. The contract does not specify delimiters to separate instructions from data or warnings to ignore embedded commands.
  - Capability inventory: The documentation explicitly references executing these metadata strings using `subprocess.run(command, shell=True)` (logic documented in `validation-contract.md`).
  - Sanitization: Absent. The specification lacks requirements for escaping or validating input before shell execution.
Audit Metadata