verification-before-completion
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it mandates reading and acting upon the full output of external commands and user-provided files.
  - Ingestion points: Command outputs from the Bash tool and target file content specified in the input schema.
  - Boundary markers: No delimiters or explicit instructions are provided to the agent to ignore potentially malicious instructions embedded within the verification data.
  - Capability inventory: The agent is granted Bash execution, file reading, and the ability to write state to memory files, which could be exploited if malicious data is processed.
  - Sanitization: There is no logic defined to sanitize or validate external content before it is processed by the agent.
- [PROMPT_INJECTION]: The skill uses coercive and forceful imperative language ('Iron Law', 'non-negotiable', 'you'll be replaced') to override default agent behaviors regarding task completion reporting. While intended to enforce a quality process, these patterns align with behavioral override techniques used to manipulate agent constraints.
Audit Metadata