cook-hard
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes external data that could contain malicious instructions. This is an indirect injection surface inherent to task-processing skills. \n
- Ingestion points: User-provided input via the $ARGUMENTS variable in SKILL.md and project documentation files located in docs/ and .claude/skills/. \n
- Boundary markers: The skill uses XML-style tags () to encapsulate user input but does not explicitly instruct the agent to ignore potential instructions embedded within documentation. \n
- Capability inventory: The skill allows for command execution (type-checking, compilation, and testing) and file modifications (writing research reports and plan files). \n
- Sanitization: No explicit validation or sanitization is performed on the ingested content. \n
- Mitigation: The risk is significantly mitigated by the skill's workflow, which mandates human approval of research plans and enforces batch checkpoints with human review for large tasks. \n- [COMMAND_EXECUTION]: The workflow involves executing system commands to compile code and run tests. This is a standard and expected capability for a skill designed to implement software features.
Audit Metadata