Skills
skills/duc01226/easyplatform/knowledge-synthesis/Gen Agent Trust Hub

knowledge-synthesis

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted external data (research evidence and templates) which presents an attack surface for indirect prompt injection.
  • Ingestion points: Reads research evidence and source files from .claude/tmp/ and report templates from .claude/templates/ (SKILL.md).
  • Boundary markers: Absent; external content from files is interpolated directly into the synthesis process without delimiters or instructions to ignore embedded commands.
  • Capability inventory: The skill utilizes Bash, Write, and Edit tools, which could be leveraged to execute commands or modify files if malicious instructions are present in the ingested research data.
  • Sanitization: No explicit validation, escaping, or sanitization steps are defined for the content loaded from external files.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 21, 2026, 02:23 AM
Security Audit — agent-trust-hub — knowledge-synthesis