context-initialization
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW PROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The skill is specifically designed to inject high-priority instructions into the agent's context using imperative language to override default behaviors.
  - Evidence: The template in references/AGENTS.md uses markers like "IMPORTANT: Use Available Skills First" and "Always use available database skills before writing custom database access code."
  - Impact: This forces the agent to prioritize specific workflows, effectively acting as a persistent system prompt override within the workspace.
- Indirect Prompt Injection (LOW): The skill creates a vulnerability surface by modifying a file that influences agent behavior and explicitly preserving existing content without sanitization.
  - Ingestion points: references/AGENTS.md and the existing AGENTS.md in the workspace root.
  - Boundary markers: Absent. There are no delimiters separating the auto-generated content from existing or future custom instructions.
  - Capability inventory: File modification of agent instruction files (AGENTS.md).
  - Sanitization: Absent. The skill documentation states it "preserves any custom instructions or modifications," which means it would carry forward any malicious instructions previously injected into the file by other processes or users.