meta-prompting

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a bundled Python script, scripts/copy-to-clipboard.py, which invokes the macOS pbcopy utility. Although static analysis flagged the use of subprocess.run(), the call is safe: it does not go through a shell (no shell=True) and uses a fixed command name rather than building a command string from user input. The execution workflow in SKILL.md is also secure; it uses quoted heredocs so that user-provided content is passed to the script as literal text.
  • [PROMPT_INJECTION]: The skill ingests untrusted user input (raw prompt drafts) for refinement, which is a potential surface for indirect prompt injection. The risk is well mitigated, as the following points show:
      • Ingestion points: User-provided raw drafts are processed according to the SKILL.md instructions.
      • Boundary markers: SKILL.md explicitly instructs the agent to use a quoted heredoc (<<'__meta-prompting-skill_EOF__') when piping the draft to the clipboard script.
      • Capability inventory: System capabilities are limited to clipboard write access via pbcopy; no network or sensitive file access is requested.
      • Sanitization: Quoting the heredoc delimiter stops the shell from expanding variables (e.g., $HOME) or running command substitutions (e.g., $(...)) that may appear in the user-supplied content, so the draft reaches the script unchanged on stdin.
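As an added illustration (not code from the skill, from scripts/copy-to-clipboard.py, or from the audit), the Python script below exercises the two properties the verdict rests on: a subprocess.run() call with a fixed argv and no shell, and a quoted heredoc that keeps $(...) and $VAR literal, each shown next to its unsafe counterpart. It also adds a check the audit does not mention: a heredoc ends at the first body line that equals its delimiter, so a draft that happens to contain that line terminates the heredoc early and the remaining lines run as shell commands. The function names, the sample drafts, and the use of cat as a portable stand-in for pbcopy are assumptions made for this example.

```python
import subprocess

# Delimiter quoted from the audit's description of the SKILL.md workflow.
DELIM = "__meta-prompting-skill_EOF__"

# pbcopy exists only on macOS. For a portable, observable demo we use `cat`,
# which echoes stdin back so the caller sees exactly what reached the
# "clipboard". Swap in ["pbcopy"] on a Mac. (Assumption for this example.)
CLIPBOARD_CMD = ["cat"]

# Constructed sample draft containing shell metacharacters. A shell that
# interprets it would run `echo INJECTED` and expand $HOME.
SAMPLE_DRAFT = "Rewrite this prompt: $(echo INJECTED) and keep $HOME literal."

# Constructed draft that contains the heredoc delimiter on a line of its own,
# followed by a line that is harmless but visible if it gets executed.
COLLIDING_DRAFT = "first line\n" + DELIM + "\necho ESCAPED_THE_HEREDOC"


def copy_argv(text: str) -> str:
    """Safe pattern the audit credits to scripts/copy-to-clipboard.py:
    fixed argv, shell=False (the default), content delivered on stdin.
    Returns what the clipboard command received."""
    proc = subprocess.run(CLIPBOARD_CMD, input=text, capture_output=True,
                          text=True, check=True)
    return proc.stdout


def copy_shell_interpolated(text: str) -> str:
    """Unsafe anti-pattern for contrast: the draft is spliced into a shell
    command string, so $(...) and $VAR are evaluated by the shell before the
    clipboard command ever sees the text."""
    cmd = 'printf "%s" "' + text + '" | ' + " ".join(CLIPBOARD_CMD)
    proc = subprocess.run(cmd, shell=True, capture_output=True,
                          text=True, check=True)
    return proc.stdout


def copy_via_heredoc(text: str, quoted: bool) -> str:
    """Run the heredoc form from SKILL.md under /bin/sh. quoted=True is the
    audited form (<<'DELIM'); quoted=False is the unquoted form in which the
    body is subject to expansion. Returns the shell's stdout; check=False so
    the delimiter-collision demo shows its effect instead of raising."""
    opener = f"<<'{DELIM}'" if quoted else f"<<{DELIM}"
    script = f"{' '.join(CLIPBOARD_CMD)} {opener}\n{text}\n{DELIM}\n"
    proc = subprocess.run(["/bin/sh", "-c", script], capture_output=True,
                          text=True)
    return proc.stdout


def contains_delimiter_line(text: str) -> bool:
    """Pre-check a quoted heredoc still needs: if any line of the draft equals
    the delimiter exactly, the heredoc ends there and every following line is
    parsed and executed as shell. (With <<- leading tabs are stripped first,
    which would widen the match; plain << is assumed here.)"""
    return any(line == DELIM for line in text.splitlines())


if __name__ == "__main__":
    print(repr(copy_argv(SAMPLE_DRAFT)))                      # literal draft
    print(repr(copy_shell_interpolated(SAMPLE_DRAFT)))        # expanded
    print(repr(copy_via_heredoc(SAMPLE_DRAFT, quoted=True)))  # literal + "\n"
    print(repr(copy_via_heredoc(SAMPLE_DRAFT, quoted=False))) # expanded
    print(contains_delimiter_line(COLLIDING_DRAFT))           # True
    print(repr(copy_via_heredoc(COLLIDING_DRAFT, quoted=True)))  # breakout
```

Run it with python3 on any POSIX system; the last line shows "ESCAPED_THE_HEREDOC" in the output even though the heredoc was quoted, which is why contains_delimiter_line() (or choosing a delimiter the agent verifies is absent from the draft) belongs in front of the pipe. On macOS, setting CLIPBOARD_CMD to ["pbcopy"] reproduces the skill's actual behaviour, though cat no longer echoes the result.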
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 11:27 AM
Security Audit — agent-trust-hub — meta-prompting