yy-create-rule

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by design. It accepts arbitrary user-provided text through the rule parameter and persists it into Markdown files within the .agents/rules/ directory. These files are intended to be read by the AI in subsequent interactions to define project norms and constraints, allowing potentially malicious instructions to be stored and executed by the AI later.
      • Ingestion points: User-provided rule parameter defined in SKILL.md frontmatter.
      • Boundary markers: The skill lacks mechanisms to wrap the user-provided content in protective delimiters or include 'ignore embedded instructions' warnings when writing to documentation files.
      • Capability inventory: The skill uses file modification tools (Edit/Write) to update AGENTS.md and create new files in .agents/rules/.
      • Sanitization: There is no evidence of content validation, escaping, or filtering of the user's input before it is written to the filesystem.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 20, 2026, 06:33 AM