candid-init
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a comprehensive suite of local shell utilities including find, grep, cat, and awk to map the project structure and extract code patterns. This is the primary mechanism for generating architectural insights and standardizing project rules.
- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8) because it uses sub-agents to read and synthesize content from the entire user codebase, which represents untrusted data.
- Ingestion points: Automated file discovery via find and file reading operations (cat, grep, and agent-based READ) across the codebase in Step 5 and Step 6, the results of which are then passed into synthesis prompts.
- Boundary markers: Not implemented. The instructions for sub-agents and the final synthesis agent do not include specific delimiters or warnings to ignore instructions found within the analyzed source files.
- Capability inventory: Full read access to local project files, execution of complex shell pipelines, and the ability to write documentation and configuration files to the .candid/ directory.
- Sanitization: None detected. The skill directly processes and summarizes source code and comments without filtering for malicious prompt directives that might attempt to hijack the agent's output.
Audit Metadata