cook-fast
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The workflow instructions ('skip research phase', 'NO researcher subagents', 'Skip code-reviewer subagent') specifically direct the agent to override its standard operational protocols. This reduces the defensive layers usually present in the agent's reasoning loop.\n- Indirect Prompt Injection (LOW):\n
- Ingestion points: The
[tasks]argument is interpolated directly into the system-level instructions inSKILL.md.\n - Boundary markers: Input is delimited by
<tasks>tags, but the skill lacks instructions for the agent to treat this content strictly as data or to ignore embedded commands.\n - Capability inventory: The skill uses powerful capabilities including
/codefor direct implementation and/commitfor repository modification.\n - Sanitization: No input validation, escaping, or sanitization is performed on the provided tasks before interpolation.
Audit Metadata