strict-user-requirements-adherence
Warn
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXPOSURE]: The skill's 'Memory Protocol' in SKILL.md explicitly instructs the agent to execute
cat .claude/context/memory/learnings.md. Accessing internal agent context or hidden configuration directories via shell commands is a security risk as it can expose sensitive historical data or metadata intended for internal system use. - [PROMPT_INJECTION]: The skill employs strong imperative language and 'Iron Laws' (e.g., 'NEVER', 'ALWAYS') to mandate strict adherence. Specifically, the file commands/strict-user-requirements-adherence.md includes the instruction 'follow it exactly as presented to you', which is a common pattern used to attempt to override system prompts or safety constraints.
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to review and process user-provided code and requirements (ingesting via the '**/.' glob). It lacks boundary markers or sanitization logic. Given that the skill has powerful capabilities like 'Write' and 'Edit', an attacker could embed malicious instructions within the code being reviewed (e.g., in comments) that the agent might execute due to the skill's directive to 'strictly adhere' to the content it processes.
- Ingestion points: Processes all files within the workspace via the 'Read' tool and globs.
- Boundary markers: No delimiters or 'ignore embedded instructions' warnings are present in the instructions.
- Capability inventory: Includes Read, Write, and Edit tools, which allows for file system modification.
- Sanitization: None provided; the agent is simply told to analyze the code against guidelines.
Audit Metadata