Skills
skills/generaljerel/chalk-skills/create-ost/Gen Agent Trust Hub

create-ost

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill reads from potentially untrusted files in .chalk/docs/product/ to build the OST, which creates an indirect prompt injection surface.
  • Ingestion points: Workflow Step 1 reads product profiles, research syntheses, and JTBD canvases from the local filesystem.
  • Boundary markers: Absent. The skill does not use delimiters to wrap the ingested content or instruct the agent to ignore embedded commands within those documents.
  • Capability inventory: The skill is authorized to use Read, Glob, Grep, and Write tools to interact with the project environment.
  • Sanitization: The skill does not perform any validation or sanitization of the research data before using it to generate solutions and assumption tests.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 18, 2026, 08:09 AM