new
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted natural language input from the
$ARGUMENTSvariable to create and modify files in a workspace. - Ingestion points: User input is ingested directly via the
$ARGUMENTSvariable inSKILL.md. - Boundary markers: The instructions do not define clear delimiters or warnings to treat the
$ARGUMENTScontent strictly as data, increasing the risk that embedded instructions could be obeyed by the agent. - Capability inventory: The skill has access to
WriteandEdittools, allowing it to persist potentially malicious content to the file system based on user input. - Sanitization: There is no mention of sanitizing entity names, slugs, or content, which could lead to secondary issues such as path manipulation or command injection if processed by other tools later.
Audit Metadata