Skills
skills/oimiragieo/agent-studio/expo-framework-rule/Gen Agent Trust Hub

expo-framework-rule

Warn

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The 'Memory Protocol' in SKILL.md uses mandatory language ('MANDATORY', 'ASSUME INTERRUPTION') to force the agent to read a specific file path ('.claude/context/memory/learnings.md') before beginning tasks, potentially bypassing operational boundaries. \n- [COMMAND_EXECUTION]: The skill includes a shell command block ('cat .claude/context/memory/learnings.md') and instructs the agent to run it as a mandatory prerequisite, inducing the agent to perform file system operations via the prompt. \n- [PROMPT_INJECTION]: The skill processes untrusted external code (via 'Read', 'Write', and 'Edit' tools) without boundary markers or sanitization, creating an indirect prompt injection surface. \n
  • Ingestion points: External files matching '/expo//.'. \n
  • Boundary markers: None. \n
  • Capability inventory: 'Read', 'Write', and 'Edit' tools. \n
  • Sanitization: None provided.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 3, 2026, 02:04 PM