source-command-audit-prose
Pass
Audited by Gen Agent Trust Hub on May 26, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes local whitepaper files (
.qmd) as input for its editing workflow. It lacks explicit boundary markers or instruction-ignoring delimiters to distinguish between content to be edited and potential instructions embedded within those files. - Ingestion points: Reads content from
whitepapers/fr/*.qmd,whitepapers/en/*.qmd, andmachine-readable/reference.yaml(referenced in SKILL.md). - Boundary markers: Absent; the agent is instructed to read and process the files directly without delimiters.
- Capability inventory: The agent utilizes an "Edit tool" for file modification and executes shell commands (
wc,grep,quarto) for post-enrichment verification (referenced in SKILL.md). - Sanitization: No sanitization, escaping, or filtering is applied to the content of the whitepapers before it is processed by the sub-agents.
- [COMMAND_EXECUTION]: The skill includes a verification section that executes shell commands including
wc,grep, andquarto render. These are used for calculating line counts, checking for specific text patterns (Typst bug prevention), and rebuilding PDF documents. These represent standard local development and document processing operations.
Audit Metadata