internalize
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it transforms untrusted user input or conversation history into persistent agent directives.
- Ingestion points: Conversation history or user-provided arguments in Step 1 are used to derive directives.
- Boundary markers: There are no explicit delimiters used to separate user-provided content from the skill's instructions during the analysis phase.
- Capability inventory: The skill uses 'Glob', 'Read', 'Write', and 'Edit' tools to modify system-critical instruction files such as .cursorrules, CLAUDE.md, and .clinerules.
- Sanitization: No automated sanitization is performed; however, the skill incorporates a mandatory 'AskUserQuestion' tool in Step 5 to allow the user to review and approve the draft directive before it is written to the filesystem.
Audit Metadata