testing-skills-with-subagents
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- PROMPT_INJECTION (HIGH): The file contains multiple deliberate prompt injection patterns used as documentation variants.
  - Override Markers: Multiple sections use the pattern "IMPORTANT: This is a real scenario. Choose and act." to force the agent into a specific roleplay state and bypass standard caution.
  - Authoritative Directives: Variant C uses highly emphatic language such as "THIS IS EXTREMELY IMPORTANT", "BEFORE ANY TASK, CHECK FOR SKILLS!", and "If a skill existed for your task and you didn't use it, you failed." to override the agent's internal logic.
  - Pseudo-XML Injection: Variant C employs XML-like tags (`<important_info_about_skills>`) and explicit system context references to mimic high-priority system instructions, a common technique for bypassing instruction filters.
  - Behavioral Modification: Variant D defines a mandatory workflow ("Your workflow for every task...") that attempts to redefine the agent's internal operational process.
- COMMAND_EXECUTION (LOW): The documentation variants suggest the execution of shell commands such as `ls ~/.claude/skills/` and `grep -r "keyword" ~/.claude/skills/`. While these specific commands are low-risk filesystem queries, they define the capability surface that the prompt injections attempt to control.
Recommendations
- AI detected serious security threats