whimsy-injector
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [SAFE]: No malicious behavior, obfuscation, or data exfiltration patterns were identified in the skill's instructions or embedded code snippets.
- [COMMAND_EXECUTION]: The skill utilizes bash and git for legitimate project-related tasks, such as reviewing logs, history, and managing files within its creative workflow.
- [SAFE]: The skill presents an indirect prompt injection surface by ingesting external data (brand guidelines and competitor research). Evidence Chain: 1. Ingestion points: Brand guidelines and research data (Workflow Step 1); 2. Boundary markers: Absent; 3. Capability inventory: bash, git, and file system access; 4. Sanitization: No specific filtering or escaping instructions are present.
Audit Metadata