assimilate
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection from untrusted external data.
  - Ingestion points: Untrusted source code is cloned from external repositories into the .claude/context/runtime/assimilate/workspace during Phase 1.
  - Boundary markers: The skill lacks explicit boundary markers or instructions to treat external code as untrusted data during analysis.
  - Capability inventory: The skill generates a TDD backlog involving Write, Edit, and Bash commands.
  - Sanitization: There is no mechanism to sanitize or validate the content of cloned repositories before it influences the generated implementation plans.
- [PROMPT_INJECTION]: The skill metadata contains a verified: true claim. This is a self-reported status by the author and does not represent a system-level security guarantee.
- [EXTERNAL_DOWNLOADS]: The skill clones external repositories for analysis purposes.
  - Evidence: Phase 1 uses git clone --depth=1 to fetch remote codebases. This risk is mitigated by 'Iron Laws' forbidding the execution of scripts (e.g., npm install, make, ./setup.sh) from these sources.
- [COMMAND_EXECUTION]: The skill performs command-line operations for framework management.
  - Evidence: Executes TOOL --help for CLI discovery and pnpm skills:index to update the skill registry.
Audit Metadata