split-decision
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill uses strong directives (e.g., 'NEVER', 'ALWAYS') to override the agent's default recommendation behavior. These instructions are structural in nature and aimed at improving decision quality rather than bypassing safety protocols.
- [COMMAND_EXECUTION] (LOW): The skill whitelists several bash utilities (find, grep, cat, head, ls) and a file-read tool. While restricted to read-only operations, these provide a mechanism for the agent to access and expose local file content if prompted.
- [INDIRECT_PROMPT_INJECTION] (LOW): 1. Ingestion points: User queries regarding technology choices and local project files. 2. Boundary markers: None present. 3. Capability inventory: Read-only file access and directory discovery via bash. 4. Sanitization: None. The skill's attack surface is limited to influencing architectural recommendations based on untrusted file content or user input.
Audit Metadata