first-principles-thinking
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute a local utility script (./.trellis/scripts/task.py) via the command line to manage project context. This pattern introduces a dependency on the existence and integrity of local scripts within the project directory.
- [PROMPT_INJECTION]: The skill is designed to analyze user-provided problems and potentially untrusted project data. It lacks robust boundary markers or sanitization logic to isolate this data from the agent's instructional context, posing a risk of indirect prompt injection.
- Ingestion points: User-supplied problem descriptions and technical documentation in the .trellis/tasks/ directory.
- Boundary markers: The instructions use markdown formatting but do not explicitly warn the agent to ignore instructions embedded within the processed data.
- Capability inventory: Writing to the file system (fp-analysis.md) and executing shell commands (Python script execution).
- Sanitization: No input validation or escaping is applied to the data analyzed during the 6-phase process.
Audit Metadata