break-loop
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE, PROMPT_INJECTION, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill processes bug-fix data from the conversation history to generate analysis and update project specifications. It lacks boundary markers to isolate this untrusted input and does not specify sanitization procedures. When combined with the capability to write to and commit documentation files in the .trellis/spec/ and src/templates/ directories, this creates an indirect prompt injection surface where malicious instructions in a bug description could be persisted into project guides. Mitigation includes wrapping external content in delimiters and adding explicit instructions to ignore embedded commands.
- [NO_CODE]: The skill consists entirely of markdown instructions and templates, with no executable scripts, binaries, or configuration files provided.
- [SAFE]: The structured methodology for bug analysis and the directives to maintain internal thinking guides are consistent with established software engineering best practices for knowledge capture and process improvement.
Audit Metadata