research-note

Warn

Audited by Gen Agent Trust Hub on Apr 5, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill workflow requires the agent to delete the original source file (Step 7) and commit changes to git (Step 8) without prompting the user for confirmation. These automated, destructive file system operations present a risk of accidental data loss if the agent misidentifies which file should be considered the 'source'.
  • [PROMPT_INJECTION]: The skill is designed to ingest and process untrusted user input (the 'rough question') to generate file content and drive subsequent actions. It lacks protective measures to distinguish between data and instructions.
  • Ingestion points: The agent reads the user's rough question or a specified source file for processing as described in SKILL.md.
  • Boundary markers: No delimiters or instructions to ignore embedded commands are present in the workflow.
  • Capability inventory: The skill utilizes file creation, file deletion, and git commit capabilities across the workflow steps in SKILL.md.
  • Sanitization: No sanitization, escaping, or validation of the input content is specified before it is used to influence agent behavior.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 5, 2026, 12:43 AM
Security Audit — agent-trust-hub — research-note