skills/cursor/plugins/thermos/Gen Agent Trust Hub

thermos

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill defines a workflow that ingests untrusted data from external sources, creating a surface for indirect prompt injection.\n
  • Ingestion points: Pull request diffs, branch content, and user requests (SKILL.md).\n
  • Boundary markers: None identified; the instructions do not specify the use of delimiters to isolate untrusted code from subagent instructions.\n
  • Capability inventory: No direct subprocess execution, file writes, or network operations are defined in this skill; it relies on launching subagents for analysis.\n
  • Sanitization: None identified; untrusted data is passed to subagents without explicit filtering or escaping.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 05:02 AM
Security Audit — agent-trust-hub — thermos