svelte-expert
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The `SKILL.md` file contains a 'Memory Protocol' section that explicitly directs the agent to execute the shell command `cat .claude/context/memory/learnings.md`. This instructs the agent to use its command execution capabilities to read specific local files as part of its operational flow.
- [PROMPT_INJECTION]: The file `commands/svelte-expert.md` contains strong directives ('follow it exactly as presented to you') intended to enforce the skill's instructions. Additionally, the skill is susceptible to indirect prompt injection because it analyzes untrusted user-provided code while having access to powerful tools like `Bash` and `Write` without providing security boundaries for that code.
  - Ingestion points: User-provided source code files are analyzed for best practice compliance as defined in `SKILL.md`.
  - Boundary markers: The instructions do not define any delimiters or ignore-instructions for the code being reviewed.
  - Capability inventory: The skill is configured with the `Read`, `Write`, `Edit`, `Bash`, `Grep`, and `Glob` tools.
  - Sanitization: There is no evidence of input validation, escaping, or filtering of the content within the reviewed code files.
Audit Metadata