source-command-audit-prose

Pass

Audited by Gen Agent Trust Hub on May 26, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes local whitepaper files (.qmd) as input for its editing workflow. It lacks explicit boundary markers or instruction-ignoring delimiters to distinguish between content to be edited and potential instructions embedded within those files.
  • Ingestion points: Reads content from whitepapers/fr/*.qmd, whitepapers/en/*.qmd, and machine-readable/reference.yaml (referenced in SKILL.md).
  • Boundary markers: Absent; the agent is instructed to read and process the files directly without delimiters.
  • Capability inventory: The agent utilizes an "Edit tool" for file modification and executes shell commands (wc, grep, quarto) for post-enrichment verification (referenced in SKILL.md).
  • Sanitization: No sanitization, escaping, or filtering is applied to the content of the whitepapers before it is processed by the sub-agents.
  • [COMMAND_EXECUTION]: The skill includes a verification section that executes shell commands including wc, grep, and quarto render. These are used for calculating line counts, checking for specific text patterns (Typst bug prevention), and rebuilding PDF documents. These represent standard local development and document processing operations.
Audit Metadata
Risk Level
SAFE
Analyzed
May 26, 2026, 10:40 AM
Security Audit — agent-trust-hub — source-command-audit-prose