design-and-user-experience-guidelines

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The SKILL.md file includes a mandatory instruction to execute 'cat .claude/context/memory/learnings.md' via bash. This command reads internal agent context files from the local filesystem.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes arbitrary files across the workspace.
      • Ingestion points: The skill is configured to work with all files matching the '**/*' glob pattern.
      • Boundary markers: There are no defined delimiters or instructions to ignore embedded commands within the files being analyzed.
      • Capability inventory: The agent is granted Read, Write, and Edit tools, alongside the ability to execute shell commands for its memory protocol.
      • Sanitization: The skill lacks mechanisms to sanitize or validate the content of processed files before they are interpreted by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 3, 2026, 02:04 PM