code-standards
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION] (MEDIUM): The Simplified Chinese (code-standards-zh-CN.md) and Traditional Chinese (code-standards-zh-TW.md) templates contain hidden instructions that force the agent to use specific honorifics ('Brother') in all subsequent interactions. This is a behavioral override intended to modify the agent's persona without an explicit user request for that specific quirk.
- [PROMPT_INJECTION] (MEDIUM): The SKILL.md instructions command the agent to 'Execute immediately' and 'Unconditionally overwrite existing files' without seeking user confirmation. This attempts to bypass standard AI safety and helpfulness protocols regarding destructive file system operations.
- [COMMAND_EXECUTION] (LOW): The skill utilizes a bash script block to detect the presence of various AI tools in the project root. While the specific commands are read-only (git rev-parse, [ -d ... ]), the pattern of executing arbitrary shell code for environment detection establishes a capability that can be easily abused if modified.
- [DATA_EXPOSURE] (SAFE): The tool detection logic only checks for the existence of directories and metadata files related to AI configuration (e.g., .cursor, AGENTS.md) and does not attempt to read sensitive credentials or exfiltrate data.
Audit Metadata