vault-guide

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted input from candidates and uses it to shape agent behavior and generate persistent files.
      • Ingestion points: Candidate responses in Phase 0, 1, 3, 3.5, and 5 (SKILL.md).
      • Boundary markers: Absent; the agent is instructed to weave candidate values and interests directly into the workflow.
      • Capability inventory: File reading (ls, grep, glob, cat), file writing, and repository operations (git add, git commit, git push).
      • Sanitization: No evidence of escaping or validation of candidate-provided strings before they are incorporated into session chronicles or contract proposals.
  • [COMMAND_EXECUTION]: The skill utilizes command-line tools for file system navigation and version control management.
      • Evidence: Explicit instructions to execute git status, git add, git commit, and git push in Phase 7 and the Hidden Assessment Protocol.
      • Evidence: Use of ls, glob, and grep to orient candidates to the workspace in Phase 1 and 4.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 3, 2026, 11:33 PM