Gen Agent Trust Hub audit: skills/lanej/dotfiles/distill

distill

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFE (finding categories: PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill is designed to process external, untrusted documents, which presents a surface for indirect prompt injection.
  • Ingestion points: The primary function involves reading and comprehending external documents provided by the user or found in the project directory (SKILL.md, Section 1).
  • Boundary markers: The instructions do not define specific delimiters or 'ignore' instructions to isolate the document content from the agent's task-specific instructions.
  • Capability inventory: The agent utilizes a 'Read' tool and has instructions to 'Write to disk' by overwriting source files in place after user approval (SKILL.md, Constraints).
  • Sanitization: No explicit sanitization or validation of the input document's content is described prior to processing.
  • [COMMAND_EXECUTION]: The skill invokes several integrated tools and switches between operational modes to perform its tasks.
  • Evidence: The 'Process' section references tools for environment control ('EnterPlanMode', 'ExitPlanMode') and a 'Read' tool used to inspect rendered figure PNGs within project-specific subdirectories ('{project}_files/figure-pdf/').
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 19, 2026, 11:51 AM
Security Audit — agent-trust-hub — distill