waypoint

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE

COMMAND_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION]: The skill includes Python scripts such as 'waypoint_id.py' and 'validate_waypoints.py' which are executed by subagents to generate deterministic waypoint IDs and validate manifest consistency. The validation script uses 'subprocess.run' to execute the system 'grep' utility with a hardcoded regex pattern to locate markers within the local codebase. These operations are restricted to the local environment and the skill's intended administrative logic.
  • [PROMPT_INJECTION]: The skill utilizes a subagent architecture where 'Setter' and 'Scribe' workflows are instructed to read and interpret file contents to manage navigational markers. This creates an attack surface for Indirect Prompt Injection, as the subagents ingest data from arbitrary files in the repository. Ingestion points are located in 'references/workflow-setter.md' and 'references/workflow-scribe.md' during discovery and text polishing phases. No specific sanitization or boundary markers are defined, but this behavior is inherent to the skill's primary purpose of code mapping.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 11:50 PM