agents-md
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements a policy that explicitly instructs the agent to treat external data from a project file ('AGENTS.md') as a binding set of rules ('AI Agent 不可做出違抗 AGENTS.md 的行為', i.e. "the AI agent must not act in defiance of AGENTS.md"), which enables indirect prompt injection if the file contains malicious constraints or instructions.
- Ingestion points: The agent is instructed to check for and read the 'AGENTS.md' file from the project root directory at the start of any task.
- Boundary markers: No boundary markers or 'ignore embedded instructions' warnings are provided to prevent the agent from obeying malicious prompts within the ingested file.
- Capability inventory: The agent is prompted to perform file system checks (checking for '.claude/' or 'CLAUDE.md') and is assumed to have standard developer tool access, since the skill is designed for use during coding tasks.
- Sanitization: The skill does not include any validation or sanitization logic for the content of the 'AGENTS.md' file before it is incorporated into the agent's behavioral constraints.
Audit Metadata