alread
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it reads and processes the content of untrusted external files (`*spec.md` and `*summary.md`) from a dynamic task directory into the agent's context. Maliciously crafted content within these files could attempt to influence or override agent behavior.
  - Ingestion points: Reads multiple files matching specific patterns in the `TASK_DIR` (referenced in `SKILL.md`).
  - Boundary markers: No explicit delimiters or "ignore embedded instructions" warnings are utilized when interpolating the file content into the prompt.
  - Capability inventory: The skill is configured to read file contents and traverse directory structures (`../alignfirst/SKILL.md`) to establish context.
  - Sanitization: There is no evidence of sanitization, escaping, or validation of the data ingested from the external markdown files.
Audit Metadata