add-rules
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill executes a local shell script
scripts/analyze-structure.shto analyze the project's directory structure. The script uses informational commands and does not perform any harmful actions. - PROMPT_INJECTION (LOW): The skill reads and converts untrusted external files (.cursorrules, .mdc), which introduces a surface for indirect prompt injection.
- Ingestion points: External files such as
.cursorrules,*.mdc, and.claude/rules/*.mdare read and processed. - Boundary markers: Absent. No delimiters or warnings are used when processing the content of these files.
- Capability inventory: The skill can execute local analysis scripts and write new skill files to the repository.
- Sanitization: Absent. No sanitization or validation of the input content is performed.
Audit Metadata