framework-initiative

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION, NO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill defines a Trust Hierarchy that instructs agents to prioritize 'Currently running code' and 'Passing test suites' over 'External documentation' like READMEs or wikis. This creates a vulnerability to indirect prompt injection where instructions hidden in code comments, test cases, or strings could be treated as the primary source of truth, potentially bypassing safety guidelines or system prompts.
    • Ingestion points: The agent is directed to read source code, test files, and git history (documented in SKILL.md and references/impact-analysis.md).
    • Boundary markers: None provided. The framework lacks instructions to differentiate between technical implementation and embedded natural language commands in the source files.
    • Capability inventory: The skill empowers the agent to perform file-system reads (grep, find) and code modifications based on the intent derived from the analyzed files.
    • Sanitization: No sanitization or filtering process is described for content ingested from the local codebase.
  • [COMMAND_EXECUTION]: The documentation provides specific command-line templates for the agent to execute during dependency and impact analysis.
    • Evidence: references/impact-analysis.md suggests 'grep -r "functionName(" --include="*.ts"' and 'grep -r "from.*oldFileName"'.
    • Evidence: references/star-framework.md includes 'find . -name ".test." -o -name ".spec."'.
  • [NO_CODE]: The skill consists entirely of markdown documentation and reference files (SKILL.md and files in the references/ directory). No executable code, scripts, or binary files are included in the skill distribution.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 15, 2026, 11:15 PM