bootstrap
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by generating a persistent AI instruction file (CLAUDE.md) based on data gathered during a user interview.
- Ingestion points: User responses to interview questions in Stages 1-6 and contents of legacy files (BRAND.md, SOUL.md).
- Boundary markers: The skill uses Markdown headers and templates but lacks explicit instructions to ignore potentially malicious embedded content in generated files.
- Capability inventory: The skill uses the Write tool to create files/folders and performs file deletion during migration.
- Sanitization: No explicit sanitization or filtering of user input is performed before writing to instruction files.
- [COMMAND_EXECUTION]: The skill performs automated file and directory deletion.
- Evidence: In the MIGRATION PHASE section of SKILL.md, the skill is instructed to delete specific legacy files (BRAND.md, SOUL.md, MEMORY.md) and directories (artifacts/, archive/) after migrating their content.
Audit Metadata