skills/jazz1x/galmuri/pitch/Gen Agent Trust Hub

pitch

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE
Findings: [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes local tools and scripts as part of its operational workflow.
  • Evidence: SKILL.md requires scripts/preflight.sh to be executed as a prerequisite.
  • Evidence: Step 2 in both the English and Korean skill definitions involves calling a distill command-line utility with arguments derived from user input.
  • [PROMPT_INJECTION]: The skill processes untrusted user input, which presents a surface for indirect prompt injection attacks.
  • Ingestion points: User input is captured via the {input} and {audience} variables in SKILL.md.
  • Boundary markers: The instructions lack explicit delimiters to encapsulate or isolate the user-provided data from the command structure.
  • Capability inventory: The skill utilizes the Write tool to create and modify files within the docs/ directory.
  • Sanitization: There is no mention of sanitization or validation logic for the content provided by the user.
  • Mitigation: The risk of malicious automated file operations is significantly reduced by a mandatory human-in-the-loop (HITL) step in Step 4, which requires the user to explicitly confirm any file-saving actions.
Audit Metadata
Risk Level
SAFE
Analyzed
May 7, 2026, 03:13 PM