product-grill
Pass
Audited by Gen Agent Trust Hub on Jul 11, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through path traversal. It instructs the agent to create and update a local file using a name provided by the user without specifying sanitization requirements.
- Ingestion points: The
[idea-name]provided by the user (SKILL.md). - Boundary markers: None present; the agent is instructed to use the user input directly in the file path
./[idea-name]-conviction-brief.md. - Capability inventory: The skill performs file system write and update operations via the agent's capabilities.
- Sanitization: There are no instructions provided to validate, escape, or sanitize the user-provided idea name, which could allow a malicious user to provide strings containing path traversal characters (e.g.,
../../) to write data to unintended locations on the system.
Audit Metadata