authentication-flow-rules
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it is designed to ingest and process untrusted data from the workspace.
  - Ingestion points: The skill targets files matching `frontend/app/(landing-page)/**/*action.ts` for review and modification.
  - Boundary markers: There are no explicit instructions or delimiters defined to separate untrusted code content from the agent's primary instructions.
  - Capability inventory: The skill utilizes `Read`, `Write`, and `Edit` tools to interact with the file system.
  - Sanitization: No sanitization or validation mechanisms are implemented to prevent malicious instructions embedded in the analyzed code from influencing the agent's behavior.
- [COMMAND_EXECUTION]: The 'Memory Protocol' defined in the instructions directs the agent to execute a shell command (`cat .claude/context/memory/learnings.md`) to retrieve context. While intended for state management, this represents a pattern of local command execution based on instruction content.
Audit Metadata