testing-skills-with-subagents
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (LOW): The document contains instructional templates (Variants B, C, and D) designed to force specific behaviors and override the agent's internal reasoning.
- Evidence: In examples/CLAUDE_MD_TESTING.md, instructions include: 'THIS IS EXTREMELY IMPORTANT. BEFORE ANY TASK, CHECK FOR SKILLS!' and 'If a skill existed for your task and you didn't use it, you failed.'
- Context: These patterns are explicitly designed to prevent the agent from 'rationalizing away compliance' and to ensure obedience even under pressure.
- COMMAND_EXECUTION (LOW): The instructions direct the agent to automatically perform local filesystem operations.
- Evidence: The documentation suggests using commands like 'ls ~/.claude/skills/' and 'grep -r "keyword" ~/.claude/skills/' as part of the mandatory pre-task workflow.
- Context: While these specific commands are low-risk utilities, the practice of enforcing automated command execution through prompt instructions increases the potential attack surface if the target directory or search keywords were controlled by an external actor.