encourage
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill creates a mechanism to store user-provided 'encouraged' phrases in a local configuration file (
.claude/ru-config.json). According to the documentation, these phrases are intended to override 'forbidden patterns' and influence the agent's prioritization, which constitutes an indirect prompt injection surface where malicious instructions could be embedded to manipulate the agent's logic in future steps. - Ingestion points: User input is captured via the
ARGUMENTSenvironment variable and processed in the bash execution block ofSKILL.md. - Boundary markers: The script does not implement delimiters or 'ignore embedded instructions' warnings when storing or later utilizing the user-provided phrases.
- Capability inventory: The skill uses the
Bashtool to modify the agent's internal configuration state, allowing persistent changes to how the agent interprets instructions and constraints. - Sanitization: The implementation uses
jq --argto safely handle strings within the JSON structure, which prevents format-level injection, but it does not validate or sanitize the semantic content of the instructions provided by the user.
Audit Metadata