agents-md
Warn
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill instructs the agent to run 'smoke checks' for commands such as dev, test, and build found in the audited instruction files (SKILL.md Step 6 and refactor-workflow.md Step 5). Because these files are untrusted project data, this allows for arbitrary command execution on the user's system.
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection as it processes untrusted documentation that may contain instructions designed to manipulate the agent.
  1. Ingestion points: The skill reads AGENTS.md, CLAUDE.md, and local configuration files.
  2. Boundary markers: No explicit delimiters or instructions are used to separate the audited content from the agent's core instructions.
  3. Capability inventory: The skill grants the agent capabilities to search the filesystem and execute arbitrary shell commands found in documents.
  4. Sanitization: There is no evidence of sanitization or safety validation for extracted commands prior to execution.
Audit Metadata