forbid
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a bash script to manage local configuration. It reads from and writes to a project-specific JSON file (`.claude/ru-config.json`) using the `jq` utility. These operations are limited to the project directory.
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection. User-supplied phrases intended to be 'forbidden' are stored in a configuration file which is subsequently interpolated into the agent's prompt guidance in future iterations.
  - Ingestion points: User input from the `ARGUMENTS` variable is captured in the bash script within `SKILL.md`.
  - Boundary markers: No explicit boundary markers or 'ignore' instructions are applied to the stored strings.
  - Capability inventory: The skill has the capability to modify local configuration files via bash and `jq` as seen in `SKILL.md`.
  - Sanitization: There is no validation or sanitization of the input string to prevent it from containing instructions that might influence the agent when the configuration is later rendered.
Audit Metadata