verification-before-completion
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONNO_CODE
Full Analysis
- [Prompt Injection] (LOW): The skill employs coercive and absolute language ('Iron Law', 'Non-negotiable', 'Lying', 'Spirit over letter') to strictly override the agent's default behavior regarding task completion reporting. This mimics patterns found in prompt injection attempts that seek to bypass standard operational guidelines.
- [Indirect Prompt Injection] (LOW): Surface vulnerability identified. The skill instructs the agent to ingest and trust external data (command output) as the sole proof of success. If the output of a verification command is controlled by a malicious actor, it could contain instructions designed to manipulate the agent. Evidence: 1. Ingestion points: Terminal/command output; 2. Boundary markers: None specified; 3. Capability inventory: Implicit subprocess/shell command execution; 4. Sanitization: None.
- [No Code] (SAFE): The skill consists entirely of markdown documentation and contains no scripts, binaries, or automated tasks, which limits the risk of direct remote code execution.
Audit Metadata