swain-config
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill modifies persistent project configuration files to inject rules that override the agent's default behavior and mandate the use of specific external skills. Evidence: The injected instructions include directives such as 'do not improvise artifact creation outside the skill' and 'Do not use built-in agent todos when this skill is available.'
- [PROMPT_INJECTION]: The skill implements an indirect prompt injection surface by writing rules that will be read by the agent in all future project sessions.
  1. Ingestion points: CLAUDE.md and .cursor/rules/swain-governance.mdc.
  2. Boundary markers: The skill uses '' and '' tags as delimiters.
  3. Capability inventory: The skill uses the Bash tool for environment checks (grep) and the Write/Edit tools for file modification.
  4. Sanitization: The skill injects hardcoded instruction blocks without sanitizing them against agent safety constraints.
- [COMMAND_EXECUTION]: The skill executes a shell command to verify whether the governance rules are already present in the host project. Evidence: 'grep -l "swain governance" CLAUDE.md .cursor/rules/swain-governance.mdc 2>/dev/null'
Audit Metadata