blueprint-rules
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requests and uses the Bash tool to perform file system operations, such as scanning directories and potentially creating folder structures. While the described actions are focused on rule management, the tool provides broad execution capabilities.
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection through its rule generation feature (Step 6). It reads untrusted data from Project Requirements Documents (PRDs) located in `docs/prds/` and automatically extracts instructions to create new rule files.
  - Ingestion points: Files within the `docs/prds/` directory are read at runtime.
  - Boundary markers: The skill does not define specific delimiters or warnings to prevent the agent from obeying instructions embedded within the PRDs.
  - Capability inventory: The skill uses `Write`, `Edit`, and `Bash` tools to create and modify `.md` files in `.claude/rules/` and `~/.claude/rules/`, which directly influence future agent behavior.
  - Sanitization: There is no mention of sanitizing or validating the content extracted from PRDs before it is promoted to a rule file.
Audit Metadata