skills/edwinhu/workflows/writing/Gen Agent Trust Hub

writing

Warn

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: MEDIUM | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill employs dynamic context injection (the !command syntax) to execute shell commands when the skill is initially loaded. It uses this to read files via a directory traversal path (../../references/). Furthermore, it uses the Bash tool to create directories and modify project files like .gitignore.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection when delegating tasks to sub-agents. It also includes instructions to minimize human oversight by skipping confirmation prompts between major workflow phases.
      • Ingestion points: The skill ingests user-provided research themes and workflow state from files such as .planning/HANDOFF.md.
      • Boundary markers: No delimiters or protective markers are used when interpolating user-controlled data into sub-agent prompts.
      • Capability inventory: The librarian sub-agents have capabilities for searching and data extraction.
      • Sanitization: There is no evidence of sanitization or validation performed on the strings before they are passed to sub-agents.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 28, 2026, 08:03 PM