response-rater
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is configured with high-privilege tools including Bash, Write, and Edit. Its 'Memory Protocol' instructions explicitly direct the agent to execute shell commands (specifically 'cat') to manage state files within the local '.claude/context/memory/' directory.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because its primary function involves processing external 'plans' and 'responses' while possessing significant system capabilities. Ingestion points: Data enters the context via files or direct text input provided for rating against rubrics. Boundary markers: The execution logic does not define delimiters or specific 'ignore' instructions to prevent the agent from obeying directives embedded in the content being audited. Capability inventory: The skill has access to tools capable of file modification (Write/Edit) and system command execution (Bash). Sanitization: No validation or sanitization is performed on the ingested content to filter for malicious directives.