monorepo-and-tooling
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill implements a 'Memory Protocol' that instructs the agent to read context from .claude/context/memory/learnings.md, creating a surface for indirect prompt injection where malicious instructions stored in the memory file could influence behavior.
  - Ingestion Point: .claude/context/memory/learnings.md.
  - Boundary markers: No delimiters or ignore instructions are provided for the file content.
  - Capability inventory: The skill utilizes Read, Write, Edit, and Bash tools.
  - Sanitization: No validation or sanitization of the memory file content is performed.
- [COMMAND_EXECUTION]: The skill's 'Memory Protocol' in SKILL.md explicitly requires the agent to use the Bash tool to execute a cat command on a local file path as a mandatory initialization step.
Audit Metadata