part2-clarify
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements a 'STOP PROTOCOL' that uses strong directive language to strictly manage agent behavior and enforce a specific two-turn pedagogical interaction sequence.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted user requirements to demonstrate the clarification process using the AskUserQuestion tool. * Ingestion points: User-provided vague requirements in the Experience phase (Block 1). * Boundary markers: None present to delimit user input from instructions. * Capability inventory: File system write operations and tool-based user questioning. * Sanitization: No sanitization or validation of user input is specified.
- [COMMAND_EXECUTION]: The agent is instructed to use file system tools to read existing skill definitions and list directories within the .claude/skills/ path to teach skill structure.
- [COMMAND_EXECUTION]: The skill guides the agent to generate new skill files by populating templates with user-provided descriptions of their work tasks, resulting in the creation of executable instruction files.
Audit Metadata