decay
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands, specifically
mv, to relocate hypothesis files between project directories (e.g., from.fpf/knowledge/L2/to.fpf/knowledge/L1/) as part of its governance workflow. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) due to how it processes external project data.
- Ingestion points: Reads evidence files from
.fpf/evidence/and hypothesis files from.fpf/knowledge/L2/(SKILL.md). - Boundary markers: Absent. The instructions do not define delimiters or provide guidance for the agent to ignore instructions that might be embedded within the files it reads.
- Capability inventory: The skill has the ability to read and write files, as well as execute filesystem commands (
mv) within the project structure (SKILL.md). - Sanitization: No validation or sanitization of data extracted from project files is performed before that data is used in report generation or shell command arguments.
Audit Metadata