visual-and-observational-rules
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The 'SKILL.md' file contains a memory protocol instruction for the agent to execute 'cat .claude/context/memory/learnings.md'. This command is used to read internal state from a local file.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it processes untrusted code (e.g., 'visuals.py') and accepts code for review without employing boundary markers or sanitization. Evidence:
  1. Ingestion points: 'visuals.py' and user-provided code review tasks.
  2. Boundary markers: Absent.
  3. Capability inventory: 'Read', 'Write', 'Edit' and shell execution.
  4. Sanitization: No filtering or escaping detected.
- [EXTERNAL_DOWNLOADS]: The 'research-requirements.md' file mentions using research tools such as Exa and WebFetch, which involves external network requests for information gathering.
Audit Metadata