divine
Warn
Audited by Gen Agent Trust Hub on Feb 13, 2026
Risk Level: MEDIUM (PROMPT_INJECTION)
Full Analysis
- PROMPT_INJECTION (MEDIUM): Vulnerability to Indirect Prompt Injection through untrusted project registries.
- Ingestion points: Step 3 in SKILL.md loads all project-level SKILL.md, agent .config.json, and command .md files to build a catalog.
- Boundary markers: The skill lacks explicit delimiters or instructions to ignore embedded commands when parsing the registries.
- Capability inventory: The skill writes recommendation workflows to files in /claudedocs/ and updates shared project memory via memoryStore.update.
- Sanitization: No sanitization or verification of the content from external registries is performed.
- Risk: A malicious file in the project could manipulate the discovery logic to gain unearned trust or misdirect the agent toward compromised tools.