skills/team-attention/hoyeon/rulph/Gen Agent Trust Hub

rulph

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection because it ingests untrusted artifacts that are then processed by evaluator and worker agents. Malicious content within these artifacts could mislead the agents into subverting the rubric or the improvement process.
      ◦ Ingestion points: Target artifact content or file paths specified in Phase 1 (SKILL.md).
      ◦ Boundary markers: The skill uses explicit '## Artifact' labeling and shell-style heredocs (<<'PROMPT') to attempt to isolate data from instructions.
      ◦ Capability inventory: Uses the 'Bash' tool to execute CLI evaluators, 'Write' to update artifacts, and 'Agent' to run sub-tasks.
      ◦ Sanitization: While it includes prompt hardening to prevent shell injection, it lacks semantic sanitization to prevent the LLMs from obeying instructions embedded within the artifact content itself.
  • [COMMAND_EXECUTION]: The skill uses the 'Bash' tool to interact with system CLIs such as 'codex', 'gemini', and 'hoyeon-cli'. It correctly implements security best practices by wrapping variables in heredocs to prevent shell-level command injection.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 8, 2026, 11:01 AM