slfg
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes user-supplied input through the $ARGUMENTS variable in the /ce:plan command without explicit delimiters or sanitization instructions. This creates a surface for indirect prompt injection where a malicious feature description could attempt to influence the agent's behavior during the automated workflow.
- Ingestion points: SKILL.md (via $ARGUMENTS)
- Boundary markers: Absent
- Capability inventory: The workflow includes automated code generation (/ce:work), browser-based testing (/compound-engineering:test-browser), and direct file system modification via autofixing (/ce:review mode:autofix).
- Sanitization: No input validation or instruction filtering is present in the skill definition.
Audit Metadata