rule-auditor
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection because it reads and processes untrusted data from target source files and other skill definitions. Ingestion points: Analyzes target files in Step 3 and reads expert skill files in Step 2. Boundary markers: None; there are no instructions to use delimiters or ignore instructions within the analyzed data. Capability inventory: The skill utilizes Bash, Write, Edit, and Read tools. Sanitization: There is no mention of content sanitization or validation before processing.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to read local skill files (e.g., cat .claude/skills/[skill-name]/SKILL.md). While this is an intended operational pattern, using shell commands on paths derived from external context requires caution to prevent unauthorized file access.
Audit Metadata