encourage
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a Bash script to read and update a JSON configuration file located at `.claude/ru-config.json`. It correctly uses `jq` with the `--arg` flag to handle user-supplied input safely, preventing command injection into the shell or the `jq` command itself.
- [PROMPT_INJECTION]: The skill facilitates an indirect prompt injection attack surface. It allows arbitrary text from the `$ARGUMENTS` variable to be saved into a configuration file. According to the skill's own documentation, these 'encouraged' items are subsequently rendered into a 'USER GUIDANCE' section that overrides agent behavior in future iterations. An attacker could potentially supply a phrase containing malicious instructions that the agent would then treat as high-priority guidance.
  - Ingestion points: User input via the `ARGUMENTS` environment variable in `SKILL.md` is written to `.claude/ru-config.json`.
  - Boundary markers: Absent; the script does not wrap the input in delimiters or provide warnings for the downstream process that consumes the configuration.
  - Capability inventory: The skill can execute Bash commands and modify project files.
  - Sanitization: The script uses `jq` to ensure valid JSON structure, but it does not perform any content-based sanitization or filtering of the instructions themselves.