user-proxy
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The AGENTS.md file mandates a session gate requiring the agent to execute the compose-agentsmd command before responding to any user message.
- [EXTERNAL_DOWNLOADS]: The skill instructions tell the agent to install the compose-agentsmd package globally with npm if it is not already present. A global npm install fetches the package from the registry and runs any install scripts it declares with the invoking user's privileges.
- [EXTERNAL_DOWNLOADS]: The agent-ruleset.json file is configured to pull rule updates from a remote GitHub repository (github:metyatech/agent-rules@HEAD). HEAD is a mutable ref, so the rules the agent loads can change whenever that repository changes, without any change to the skill itself.
- [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by processing untrusted agent plans and outputs without defined boundary markers.
  - Ingestion points: Agent plans, work outputs, and completion claims, as defined in SKILL.md.
  - Boundary markers: No delimiters are placed around the reviewed data, and the agent is given no instruction to disregard directives embedded within it.
  - Capability inventory: The environment allows command execution and global package installation via npm, as defined in the rules.
  - Sanitization: There is no evidence that the content being reviewed is sanitized or validated.
Audit Metadata