taleb
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It processes user input (via $ARGUMENTS) and passes it to multiple sub-agents without sanitization.
  - Ingestion points: Untrusted user descriptions are captured in Phase 1 and interpolated into the system prompts of the 'Fat-Tail Detector', 'Fragility Auditor', 'Optionality Scout', 'Iatrogenics Checker', and 'Skin-in-the-Game Auditor' agents in Phase 2.
  - Boundary markers: The subject description is framed by a heading ('THE SUBJECT:'), but no explicit delimiters or 'ignore' instructions are used to isolate user data from the agent's task instructions.
  - Capability inventory: The skill's environment has access to 'Bash', 'Write', 'Edit', 'WebFetch', 'Agent', and 'TeamCreate' tools.
  - Sanitization: No validation or escaping of user-provided content is performed before it is used in prompt construction.
- [COMMAND_EXECUTION]: The skill includes a 'Bash' command used to check environment configuration ('echo "${CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS:-not_set}"'). This use of shell execution is for environment diagnostics and does not process user input.
Audit Metadata