onboard
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the command `ls ~/.claude/.context/` to check for the existence of the configuration directory on the local filesystem.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8) because it ingests untrusted user input during the onboarding conversation and writes it to persistent context files used to influence the agent in future sessions.
  - Ingestion points: User responses to questions about identity, work, relationships, and goals defined in `SKILL.md`.
  - Boundary markers: None identified; instructions do not specify the use of delimiters or sanitization when writing user data to files.
  - Capability inventory: The skill instructs the agent to write information to multiple files in `~/.claude/.context/core/`.
  - Sanitization: There is no mention of filtering or validating user-provided strings before they are saved to the filesystem.
Audit Metadata