chain-patterns
Warn
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface identified in the handoff and checkpoint-resume patterns.
  - Ingestion points: Implementation guides (e.g., references/checkpoint-resume.md) advise reading state from .claude/chain/*.json files which may contain outputs from external tools or previous subagent phases.
  - Boundary markers: No delimiters or 'ignore embedded instructions' warnings are present in the provided patterns.
  - Capability inventory: The patterns utilize powerful tools including CronCreate (scheduled command execution), Agent (subagent spawning), and Write (file system access).
  - Sanitization: No sanitization or validation of the ingested JSON data is described before interpolation into subsequent prompts.
- [COMMAND_EXECUTION]: The skill promotes the use of CronCreate to schedule tasks that execute system commands.
  - Evidence: references/cron-monitoring.md and SKILL.md (Pattern 5) demonstrate scheduling recurring checks using CLI tools such as gh (GitHub CLI) and npm test. This functions as a persistence mechanism that survives the current session, allowing for scheduled command execution.