tall-stack-general
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The SKILL.md file contains a 'Memory Protocol' section that instructs the agent to execute the shell command 'cat .claude/context/memory/learnings.md'. This command is intended to retrieve context but represents a direct use of command execution to access local files.
- [PROMPT_INJECTION]: The skill is designed to review and process untrusted code provided by users, which creates a surface for indirect prompt injection.
  - Ingestion points: Untrusted code enters the agent context via the 'target' file or path parameter defined in 'schemas/input.schema.json'.
  - Boundary markers: The instructions in 'SKILL.md' and 'references/tall-stack-general.mdc' lack delimiters or explicit warnings for the agent to ignore instructions embedded within the reviewed code.
  - Capability inventory: The skill has access to powerful 'Read', 'Write', and 'Edit' tools, which could be exploited if the agent obeys instructions inside the code.
  - Sanitization: There is no evidence of sanitization, filtering, or validation of the code content before it is processed by the agent.
Audit Metadata