impeccable
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to execute a bundled Node.js script (cleanup-deprecated.mjs) during a one-time maintenance phase to remove legacy directories and modify the skills-lock.json file.
- [COMMAND_EXECUTION]: The skill includes a self-modification directive, requiring the agent to delete a specific section of its own SKILL.md source file upon successful completion of the maintenance script.
- [PROMPT_INJECTION]: The skill establishes an indirect prompt injection surface through project-wide codebase scanning in 'teach' mode.
- Ingestion points: README.md, package.json, and existing source code components are read to infer design context.
- Boundary markers: Absent; no instructions are provided to the agent to distinguish between project data and potentially malicious embedded instructions in the codebase.
- Capability inventory: Includes filesystem writes (creation of .impeccable.md), file extraction and refactoring ('extract' mode), and execution of Node.js scripts.
- Sanitization: Absent; the skill does not appear to sanitize or filter contents of scanned project files before incorporating them into the design context.
Audit Metadata