pal
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses highly restrictive and imperative instructions to override the agent's default operational behavior. It mandates the use of a specific model version ("anthropic/claude-opus-4.6") and includes threats of "TASK INVALIDATION" and "task rejection" if the agent does not strictly follow the multi-step workflow rules defined in the instructions.
- [PROMPT_INJECTION]: The skill contains a vulnerability surface for indirect prompt injection. It is designed to ingest and interpret untrusted data from the local filesystem (via the
relevant_filesparameter) and analyze it. - Ingestion points: File content from paths provided to the tool and the
findingsparameter string. - Boundary markers: None identified to separate the agent's instructions from the code being analyzed.
- Capability inventory: The skill possesses extensive capabilities to read files, analyze architecture, and perform code refactoring across the project.
- Sanitization: No explicit sanitization or validation of the ingested code content is mentioned.
- [PROMPT_INJECTION]: The skill uses metadata that references a potentially deceptive or non-existent model version ("claude-opus-4.6") to enforce a perceived requirement for high-level reasoning.
Audit Metadata