antislop
Pass
Audited by Gen Agent Trust Hub on Jun 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The
install.shscript automates the setup process by creating directories and copying files within the user's home directory. This is standard behavior for skill installation. - [EXTERNAL_DOWNLOADS]: The skill instructions include a 'Pattern Refresh Protocol' that fetches data from Wikipedia's public API. These requests target a well-known service to keep the skill's detection database updated with the latest community research.
- [PROMPT_INJECTION]: As an editing tool, this skill processes untrusted user-provided text. It currently lacks explicit boundary delimiters or instructions for the agent to ignore commands embedded in that text, which is an inherent surface for indirect prompt injection.
- Ingestion points: User-provided text for auditing (documented in
SKILL.md). - Boundary markers: None identified; the skill directly interpolates user content into its workflow.
- Capability inventory: The skill uses
Read,Edit, andWritetools to modify text files. - Sanitization: None; the skill is designed to evaluate the writing style of the input as-is.
- [REMOTE_CODE_EXECUTION]: Automated tools flagged a pattern where remote data from Wikipedia is piped to a local Python interpreter. Analysis confirms this is used solely for parsing JSON data from a trusted source using a static script, and it does not involve executing the remote content as code.
Audit Metadata