add-knowledge
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Prompt Injection] (LOW): Indirect Prompt Injection Surface. The skill explicitly commands the agent to read and follow instructions from an external file at /Users/thopper/c/knowledge/CLAUDE.md. This creates a vulnerability where malicious content in that file could override the agent's behavior.
- Ingestion points: /Users/thopper/c/knowledge/CLAUDE.md.
- Boundary markers: Absent; the agent is told to "follow it exactly" without delimiters.
- Capability inventory: File system access (cd), git commit, and git push (network operation).
- Sanitization: Absent; no validation or filtering is applied to the content of the external file.
Audit Metadata