bb-constitution
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection as it ingests and processes content from multiple files within the project repository to derive values and update the constitution.
- Ingestion points: Reads content from
constitution.md,README.md, documentation in thedocs/directory, and various project templates (plan, spec, tasks, command/skill templates). - Boundary markers: The instructions do not define boundary markers or delimiters to isolate data read from files from the agent's instructions, nor do they include warnings to ignore instructions embedded in the processed data.
- Capability inventory: The skill performs file read and write operations across the repository.
- Sanitization: There is no evidence of sanitization, validation, or escaping of the content retrieved from external files before it is interpolated into the updated constitution or used to validate other templates.
Audit Metadata