get-to-know-you
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill includes a bash script (
scripts/run) that executes a local Node.js module (bin/get-to-know-you.mjs). This is the standard mechanism for this workflow engine to manage the interview state and is not malicious. - [PROMPT_INJECTION]: The skill ingests user input through interview questions (Ingestion points: responses to role, stack, and hobby questions). It mitigates the risk of indirect prompt injection by using structured XML boundary markers (e.g.,
<system>,<prompt>, and<ask-user>) to separate instructions from untrusted data. Its capabilities are restricted to the local execution wrapper and reading skill files (Capability inventory:Bash(scripts/run *),Read).
Audit Metadata