discover-project-commands
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to run
make -qpto extract targets from the project's Makefile. While this is a common discovery method, it involves executing a command in the local environment. - [PROMPT_INJECTION]: The skill processes content from untrusted files such as
Makefile,package.json, andsetup.pyto document available commands. This creates an indirect prompt injection surface where malicious comments or script names in a project could attempt to influence the agent's planning process. - Ingestion points: The skill reads
Makefile,package.json,go.mod,requirements.txt,Cargo.toml,setup.py, andtemplates/commands-reference.md. - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are specified.
- Capability inventory: The skill performs file reads, writes results to
thoughts/notes/commands.md, and executesmake -qp. - Sanitization: There is no mention of sanitizing or validating the text extracted from project files before it is documented and used in subsequent planning steps.
Audit Metadata