create-x-content

Pass

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill is a template-driven instructional guide for the AI agent. It does not contain any executable scripts, binaries, or command-line operations that present a security risk. All operations are limited to reading local configuration and writing drafted content to the local filesystem.\n- [PROMPT_INJECTION]: The skill processes user-supplied text via the --brief parameter, creating an attack surface for indirect prompt injection where a malicious brief could attempt to manipulate the drafting logic.\n
  • Ingestion points: The --brief flag in SKILL.md and interactive user input.\n
  • Boundary markers: Absent; the instructions interpolate the user brief directly into the prompt without delimiters or warnings to ignore embedded commands.\n
  • Capability inventory: The skill has read access to the local ~/.goose-skills/ directory for configuration and voice guides, and write access to the ./content/ directory for outputting files.\n
  • Sanitization: None; the agent is instructed to use the brief's specifics verbatim, including names and numbers.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 23, 2026, 01:07 PM
Security Audit — agent-trust-hub — create-x-content