compact-bensz-skills

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE | PROMPT_INJECTION | DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill's core functionality involves reading and rewriting Markdown documentation from other skills, which creates a potential surface for indirect prompt injection. Embedded instructions in target files could influence the agent's behavior during the compression or validation phases.
      • Ingestion points: Target Markdown files are read into the agent's context and processed by initialization and measurement scripts.
      • Boundary markers: No explicit delimiters or isolation techniques are used for the untrusted content being processed.
      • Capability inventory: The agent has the ability to write to the file system and execute shell commands.
      • Sanitization: No content sanitization or validation of the ingested Markdown content is performed.
  • [DATA_EXFILTRATION]: The skill instructions define a bug-reporting process that accesses paths outside the designated target skill root and involves external transmission.
      • Access to sensitive paths: The agent is instructed to log bug reports in ~/.bensz-skills/bugs/ within the user's home directory.
      • External transmission: The agent is directed to use the gh CLI tool to upload these bug reports to the author's GitHub repository (huangwb8/bensz-bugs) upon explicit user request. While this is a user-gated action using a well-known service and targeting a vendor-owned repository, it represents data transmission from the local environment.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 3, 2026, 04:10 PM