specify
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill metadata grants access to the Bash tool. While the workflow uses it for legitimate tasks like file management and Git operations, the tool itself is not restricted to specific paths or commands, providing a broad capability for arbitrary command execution.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its data ingestion and synthesis process.
  1. Ingestion points: User input ($ARGUMENTS), outputs from specialist research agents (TaskOutput), and local files (CONSTITUTION.md).
  2. Boundary markers: The skill's instructions define no delimiters and no directives to ignore embedded instructions, so these inputs are not isolated.
  3. Capability inventory: Access to Bash, Skill, and TeamCreate tools.
  4. Sanitization: There is no evidence of filtering; the skill is specifically instructed to display all subagent responses in full, allowing injected instructions from researched sources to reach the agent context.