promptify
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the shell command
echo 'PROMPT' | pbcopyto copy the final optimized output to the user's clipboard. This is a common pattern for CLI-based utility skills.\n- [EXTERNAL_DOWNLOADS]: Theweb-researchersub-agent is designed to search for and fetch information from external websites usingWebSearchandWebFetchto gather context for prompt optimization.\n- [DATA_EXFILTRATION]: The skill has the capability to read local files and perform web searches. While these are separate features for codebase and web research, the combination of local read access and internet access constitutes a technical surface for data exfiltration if the agent's instructions were bypassed.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection, a common risk for tools that process and rewrite user-supplied text.\n - Ingestion points: User prompts ingested via the main command in
SKILL.mdandcommands/promptify.md.\n - Boundary markers: No specific delimiters are used to isolate the untrusted input prompt from the agent's instructions.\n
- Capability inventory: File system access (
Glob,Read), web searching (WebSearch), and basic shell interaction (echo).\n - Sanitization: There is no evidence of input validation or sanitization before the user-supplied prompt is processed.
Audit Metadata