position

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill implements an architecture that loads and follows instructions from external files in the ai-workspace/team/ directory without validation or boundary markers. This creates a surface for indirect prompt injection where an attacker who can influence the content of these files could control the agent's behavior during session bootstrap.
  • Ingestion points: Untrusted data enters the agent context from ai-workspace/team/<name>.md, ${STATE_DIR}/PLAYBOOK.md, ${STATE_DIR}/DECISIONS.md, and .branch-context.md.
  • Boundary markers: Absent; the skill explicitly instructs the agent to "Load all files into context first" and follow the profile's instructions "verbatim."
  • Capability inventory: The agent can read/write files and execute CLI tools such as gh, git, and tail based on profile content.
  • Sanitization: No sanitization or validation of the external content is performed before interpolation into the prompt context.
  • [COMMAND_EXECUTION]: The skill facilitates the execution of shell commands based on the content of external profiles. It specifically mentions using tools like gh (GitHub CLI) and git to regenerate live state, which allows for dynamic command execution driven by potentially untrusted data.
Audit Metadata
Risk Level: SAFE
Analyzed: May 4, 2026, 06:06 AM