product-grill

Pass

Audited by Gen Agent Trust Hub on Jul 11, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through path traversal. It instructs the agent to create and update a local file using a name provided by the user without specifying sanitization requirements.
  • Ingestion points: The [idea-name] provided by the user (SKILL.md).
  • Boundary markers: None present; the agent is instructed to use the user input directly in the file path ./[idea-name]-conviction-brief.md.
  • Capability inventory: The skill performs file system write and update operations via the agent's capabilities.
  • Sanitization: There are no instructions provided to validate, escape, or sanitize the user-provided idea name, which could allow a malicious user to provide strings containing path traversal characters (e.g., ../../) to write data to unintended locations on the system.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 11, 2026, 12:24 PM
Security Audit — agent-trust-hub — product-grill