extract-business-rules

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes content from external PHP files to extract rules. If these files contain malicious instructions hidden in comments or strings, the agent might interpret them as valid commands or context.
      • Ingestion points: PHP source files throughout the project structure (e.g., **/.php, /Domain//.php).
      • Boundary markers: The skill lacks explicit delimiters or instructions to ignore embedded commands within the processed files.
      • Capability inventory: The skill utilizes file system read access and command execution via grep to process content.
      • Sanitization: No sanitization or validation of the extracted strings is performed before they are presented to the agent for translation and cataloging.
  • [COMMAND_EXECUTION]: The skill relies on shell-based grep commands to scan the filesystem. While the patterns provided are static and intended for analysis, the use of subprocess-like command execution for searching represents a capability that processes untrusted file content.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 9, 2026, 07:14 AM