agentic-rules-writer
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by scanning and incorporating data (names and descriptions) from other installed skills and agents into the generated system rules. If a user has a malicious skill installed, its description could influence the final rule file and agent behavior.
- Ingestion points: Phase 4 scans
SKILL.mdand agent configuration files in multiple directories, including the user's home directory. - Boundary markers: The generated rule file does not appear to use strict delimiters or 'ignore embedded instructions' warnings for the data extracted from external metadata.
- Capability inventory: The skill performs file system reads and writes persistent configuration files that direct agent behavior.
- Sanitization: The skill does not perform explicit sanitization or validation of the metadata extracted from external files before interpolation.
- [PROMPT_INJECTION]: The skill implements a 'Persona' feature that introduces role-playing instructions into the agent's system prompt. This is mitigated by a mandatory safety constraint included in the generated output that prioritizes technical accuracy and precision over the persona character.
Audit Metadata