constitution
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses the '$ARGUMENTS' variable to define the agent's persona and focus areas during the discovery phase, which constitutes an indirect prompt injection surface.
  - Ingestion points: User-supplied focus areas are interpolated into the 'Persona' and 'State' blocks within 'SKILL.md'.
  - Boundary markers: No delimiters or isolation instructions are present to separate the user-provided focus areas from the system's core governance logic.
  - Capability inventory: The skill possesses the capability to read any file in the codebase, delegate tasks to sub-agents via the 'Task' tool, and write a new 'CONSTITUTION.md' file to the project root.
  - Sanitization: No validation or escaping of the '$ARGUMENTS' input is implemented.
  - Mitigation: The workflow includes a critical human-in-the-loop checkpoint ('AskUserQuestion: Approve rules') that requires explicit user confirmation before any discovered patterns are written to the filesystem.
Audit Metadata