drill-recovery
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted data from the project codebase to determine the tech stack and generate recovery scenarios. Malicious instructions placed in project metadata could influence the agent's behavior during a drill.
- Ingestion points: CLAUDE.md, package.json, supabase/migrations/, prisma/schema.prisma, and docs/.dr-state.json.
- Boundary markers: Absent. The agent is instructed to read these files directly without specific delimiters or instructions to ignore embedded commands.
- Capability inventory: The skill has permissions to read various project files and write markdown files and shell scripts to the local directory.
- Sanitization: No explicit sanitization or validation of the input file content is mentioned.
- [Dynamic Execution] (LOW): The skill offers to generate executable shell scripts (e.g., scripts/dr-backup.sh) based on the detected environment. While these are generated from templates and require user confirmation, they constitute script generation.
- [Data Exposure] (SAFE): Although the skill scans files that often contain configuration details or environment variable names, it focuses on architectural posture (e.g., checking if RLS is enabled or if .env is in .gitignore) rather than extracting secrets. No network exfiltration patterns were detected.
Audit Metadata