rule-creator
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE PROMPT_INJECTION NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates the creation of persistent instructions via the .agent/rules/ directory. Rules with 'always_on' or 'model_decision' activation are automatically incorporated into the agent's context, creating a surface for indirect prompt injection where malicious instructions could be saved and automatically executed in future sessions.
- [PROMPT_INJECTION]: The rule system supports '@mentions' which can resolve to absolute or workspace-relative file paths (e.g., '@/etc/passwd'). This capability allows rules to potentially access and process sensitive files if an attacker influences the rule content.
- [PROMPT_INJECTION]:
  - Ingestion points: User-provided rule content is processed in SKILL.md (Step 3: Write the Rule).
  - Boundary markers: The instructions do not specify the use of delimiters or 'ignore embedded instructions' warnings for the rule content.
  - Capability inventory: The skill has the capability to write persistent instruction files to the .agent/rules/ directory.
  - Sanitization: There is no sanitization or validation of the rule content mentioned before it is written to the file system.
Audit Metadata