FirstPrinciples
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill includes hardcoded instructions to execute a bash command using curl for background notifications to localhost:8888. While targeting localhost, automated side-effects are a security concern and can be misused. Evidence: SKILL.md.
- [PROMPT_INJECTION] (MEDIUM): The skill directs the agent to load and apply instructions from a specific local path (~/.claude/skills/CORE/USER/SKILLCUSTOMIZATIONS/FirstPrinciples/PREFERENCES.md) to 'override default behavior'. This provides a persistent vector for instruction injection if the local filesystem is compromised. Evidence: SKILL.md.
- [PROMPT_INJECTION] (HIGH): The skill is highly susceptible to Indirect Prompt Injection (Category 8).
  1. Ingestion points: It is designed to process untrusted external content, including 'Requirements documents', 'Technical Constraints', and 'Security Assessment' subjects.
  2. Boundary markers: None; the skill lacks delimiters or warnings to ignore embedded instructions in analyzed subjects.
  3. Capability inventory: The skill has the capability to execute system commands (bash/curl).
  4. Sanitization: None; input subjects are analyzed and deconstructed directly without filtering or validation.
  Evidence: Workflows/Challenge.md, Workflows/Deconstruct.md, SKILL.md.
Recommendations
- AI detected serious security threats
Audit Metadata