lfg
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses authoritative language ("Do not do anything else", "complete every step through to the end") to constrain agent behavior to a fixed sequence. It also demonstrates an attack surface for indirect prompt injection in SKILL.md.
  1. Ingestion points: User-provided $ARGUMENTS are passed directly to the /ce:plan command.
  2. Boundary markers: Absent.
  3. Capability inventory: The workflow executes commands for file modification (/ce:work) and browser automation (/compound-engineering:test-browser).
  4. Sanitization: Absent.
- [COMMAND_EXECUTION]: The skill orchestrates a chain of autonomous slash commands to perform engineering tasks, including coding, browser testing, and media generation.
Audit Metadata