start
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses extremely forceful, imperative language ("ABSOLUTELY MUST", "not negotiable", "not optional", "cannot rationalize your way out") to coerce the agent into following specific workflows and override its autonomous decision-making regarding tool usage.
- [PROMPT_INJECTION]: The skill implements a dynamic discovery process that reads content from external skill files, creating an attack surface for indirect prompt injection.
  - Ingestion points: The skill reads the first 10-15 lines of files matching the pattern `.claude/skills/*/SKILL.md` to extract metadata and descriptions.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present when processing these file snippets.
  - Capability inventory: The skill possesses significant capabilities including file system discovery (`Glob`), content extraction (`Read`), file modification (`Edit` for `CLAUDE.md`), and delegation to other agents (`Task` tool).
  - Sanitization: Ingested content from local skill files is not validated or sanitized before being incorporated into the agent's context or project documentation.
- [COMMAND_EXECUTION]: The skill explicitly directs the agent to utilize powerful tools such as `Glob` for file system mapping, `Read` for file inspection, `Edit` for modifying project documentation, and the `Task` tool for spawning specialized subagents. These actions are fundamental to its operation as a project-level orchestrator.
Audit Metadata