meta-prompting
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a bundled Python script, `scripts/copy-to-clipboard.py`, which invokes the macOS `pbcopy` utility. Although static analysis flagged the use of `subprocess.run()`, the implementation is safe: it does not use a shell for the subprocess call and uses a fixed command name. The execution workflow in `SKILL.md` is also secure, using quoted heredocs to ensure user-provided content is treated as literal text.
- [PROMPT_INJECTION]: The skill's ingestion of untrusted user input for prompt refinement constitutes a potential surface for indirect prompt injection. However, the risk is well mitigated by the following design choices:
  - Ingestion points: User-provided raw drafts are processed in the `SKILL.md` instructions.
  - Boundary markers: The skill explicitly instructs the agent to use a quoted heredoc (`<<'__meta-prompting-skill_EOF__'`) when piping data to the clipboard script.
  - Capability inventory: System capabilities are limited to clipboard write access via `pbcopy`; no network or sensitive file access is requested.
  - Sanitization: Quoting the heredoc delimiter prevents the shell from expanding variables or executing command substitutions (e.g., `$(...)`) that might be present in the user-supplied content.
Audit Metadata