save
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill distills untrusted conversation history into a system prompt for a new subagent, which presents an indirect prompt injection risk.
  - Ingestion points: Instructions in SKILL.md direct the agent to analyze the entire conversation history, including corrections and tool outputs.
  - Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the conversation input.
  - Capability inventory: The skill has permission to use 'Bash' for directory creation and 'Write' for saving files to '.claude/agents/'.
  - Sanitization: The skill relies on natural language instructions for the model to 'generalize' content rather than employing programmatic sanitization or validation of the input data.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute 'mkdir -p' for directory management, which is a legitimate but powerful capability.
Audit Metadata