project-workflow
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- PROMPT_INJECTION (LOW): The commands /brief and /reflect are designed to ingest the entire conversation history to generate documentation, project rules, and automation suggestions. This creates a surface for indirect prompt injection where malicious instructions embedded in the chat context (e.g., from previously processed files) could be persisted into the project's permanent documentation or rule set.
  - Ingestion points: Conversation history analyzed in commands/brief.md and commands/reflect.md.
  - Boundary markers: Absent (no explicit delimiters or instructions to ignore embedded commands are present in the summarization logic).
  - Capability inventory: Write access to local filesystem (docs, rules), git commit/push operations, and GitHub issue creation.
  - Sanitization: None mentioned; the commands focus on comprehensive extraction of details.
- EXTERNAL_DOWNLOADS (LOW): The README.md and SKILL.md files recommend installing the skill from an untrusted external GitHub repository (https://github.com/jezweb/claude-skills). While standard for third-party skills, this repository is not on the pre-approved trusted source list.
Audit Metadata