skills/udecode/plate/slfg/Gen Agent Trust Hub

slfg

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface due to the way user-provided input is handled.
    • Ingestion points: The $ARGUMENTS variable is directly interpolated into the /ce:plan command in SKILL.md.
    • Boundary markers: No delimiters (such as XML tags or triple backticks) or "ignore instructions" warnings are used to isolate the user input from the command context.
    • Capability inventory: The skill possesses significant capabilities, including launching an "army of agent swarm subagents" for code generation (/ce:work), browser testing (/compound-engineering:test-browser), and video recording (/compound-engineering:feature-video).
    • Sanitization: There is no evidence of input validation or escaping before the data is passed to the planning tool.
  • [COMMAND_EXECUTION]: High-autonomy execution flow with potential for command argument injection.
    • The skill automates a complex multi-step pipeline in which the outcome of the first unsanitized command (/ce:plan $ARGUMENTS) dictates the subsequent behavior of the parallel swarm agents.
    • The instruction to "complete every step through to the end" and "not stop between steps" promotes high autonomy, which may reduce user oversight during the execution of potentially malicious tasks if the input is compromised.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 27, 2026, 05:25 PM