the-rewrite-room
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE PROMPT_INJECTION EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates the ingestion and processing of untrusted data from external URLs and local filesystem paths through commands such as /rwr:cite, /rwr:author, and /rwr:optimize. This creates an attack surface for indirect prompt injection, where malicious instructions embedded in the processed source material could influence the agent's actions.
  - Ingestion points: External source URLs and local project files (Markdown, code, etc.).
  - Boundary markers: The skill documentation does not define explicit boundary markers or safety instructions to the agent to ignore instructions within the ingested content.
  - Capability inventory: The skill is granted access to powerful tools including Bash, Write, and Edit.
  - Sanitization: There is no mention of sanitization, validation, or filtering of the content retrieved from external or local sources.
- [EXTERNAL_DOWNLOADS]: The /rwr:cite command initiates network requests to retrieve content from arbitrary, user-provided URLs. These operations involve interactions with non-whitelisted external domains.