agent-artifacts
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill defines a surface for indirect prompt injection by instructing the agent to read and follow configuration overrides from a project-specific JSON file.
  - Ingestion points: The agent is directed to read .claude/fs-dev-settings.json for directory overrides.
  - Boundary markers: Absent; the skill does not include instructions for the agent to validate the configuration source or ignore potentially malicious directives within the JSON.
  - Capability inventory: The skill influences file system write operations by determining where artifacts are stored.
  - Sanitization: Partial; while the skill provides a blacklist of system files that should never be redirected (e.g., .gitignore, SECURITY.md), it lacks explicit validation to ensure the baseDir and allowedSubdirs properties remain within the expected directory tree.
- [NO_CODE]: The skill consists entirely of instructional markdown and does not include any executable scripts or binary files.
Audit Metadata