poke-recipes

Pass

Audited by Gen Agent Trust Hub on May 3, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill documents the configuration of 'Onboarding context' and 'First message' fields, which serve as system instructions for the agent. This constitutes an indirect prompt injection surface where untrusted or maliciously crafted input could be used to override agent behavior during the installation process.
      • Ingestion points: references/onboarding-context.md defines context fields for the agent.
      • Boundary markers: The documentation does not specify the use of delimiters or 'ignore instructions' markers for these fields.
      • Capability inventory: The documentation describes integrating with various MCP services (GitHub, Linear, etc.) that the agent can control based on the defined context.
      • Sanitization: No sanitization or validation rules are provided for the user-supplied context strings.
Audit Metadata
Risk Level: SAFE
Analyzed: May 3, 2026, 07:42 AM