skills/mindfold-ai/trellis/onboard/Gen Agent Trust Hub

onboard

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill directs the agent to execute local Python scripts (./.trellis/scripts/task.py) and shell commands (grep) to manage developer tasks and check guideline status. These are standard operations within the described development workflow.
  • [PROMPT_INJECTION]: Instructional phrases like 'CRITICAL INSTRUCTION' are used to steer agent behavior during onboarding. These are benign and do not attempt to bypass safety filters.
  • [PROMPT_INJECTION]: The skill describes an intentional indirect prompt injection surface where guidelines are loaded from the filesystem to influence AI behavior.
      1. Ingestion points: .trellis/spec/ and .trellis/workspace/ files.
      2. Boundary markers: None explicitly mentioned in the onboarding instructions.
      3. Capability inventory: Execution of local scripts and shell commands.
      4. Sanitization: No sanitization of external guideline content is described.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 10:34 AM