cook-auto

Pass

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is designed to ingest and act upon instructions found in local project files and documentation, which constitutes a vulnerability surface for indirect prompt injection if those files contain malicious instructions.
  • Ingestion points: The skill reads from the .claude/skills/ directory, project documentation at docs/project-reference/domain-entities-reference.md, and test specifications under docs/test-specs/.
  • Boundary markers: There are no explicit instructions to use delimiters or ignore potentially malicious instructions embedded within the ingested text.
  • Capability inventory: The skill utilizes /plan, /code, and /commit slash commands to autonomously modify and commit code to the repository.
  • Sanitization: No sanitization or validation logic is specified for the content read from external files before it is processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 21, 2026, 03:49 AM