verification
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill employs high-pressure, authoritative language ("The Iron Law", "Non-negotiable", "If you lie, you'll be replaced") to override the agent's standard reporting behavior. While the intent is to improve task accuracy, this style of instruction mimics techniques used to bypass safety filters or ignore system constraints.
- [COMMAND_EXECUTION] (LOW): The skill creates an attack surface for Indirect Prompt Injection (Category 8) by requiring the agent to find and run commands that verify work.
  - Ingestion points: The agent identifies commands from the project repository or user-provided task descriptions.
  - Boundary markers: Absent. The instructions do not provide delimiters or warnings to ignore malicious commands embedded in external data.
  - Capability inventory: The skill explicitly instructs the agent to execute shell commands and read their full output.
  - Sanitization: Absent. There is no instruction to validate or sanitize the identified command before execution, increasing the risk that a malicious string (e.g., in a code comment or documentation) could be executed as a "verification" step.