ladder-init
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is susceptible to indirect prompt injection because it reads and processes untrusted local data (existing specs, reference documents, and project structure) to generate its output. 1. Ingestion points: SKILL.md (Phase A.2, Phase B.4, and Phase B.5) defines workflows to scan .ladder/specs/, .ladder/refs/, and the general project root. 2. Boundary markers: Absent; there are no specific delimiters or instructions to ignore potential commands within the scanned content. 3. Capability inventory: The skill can create directories, write files (.ladder/OVERVIEW.md and .ladder/progress.md), and perform git commits. 4. Sanitization: No explicit sanitization or filtering of the content read from the filesystem is mentioned before interpolation. Mitigation: The skill includes a 'HARD GATE' for user review, requiring the agent to present the content of OVERVIEW.md for approval before writing to disk.
Audit Metadata