ljg-qa
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes external content from URLs and PDF files.
- Ingestion points: The skill uses WebFetch for URLs and the Read tool for PDF files, as defined in Workflows/Extract.md.
- Boundary markers: There are no instructions to use specific boundary markers or delimiters for the ingested content.
- Capability inventory: The skill performs local network notifications via curl and writes notes to the ~/Documents/notes/ directory.
- Sanitization: No sanitization or filtering of the external data is specified.
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands for system integration.
- It uses curl to send a JSON payload to http://localhost:31337/notify for status updates.
- It utilizes the date command to generate identifiers and timestamps for file organization.
- [EXTERNAL_DOWNLOADS]: The skill retrieves content from external sources via WebFetch and WebSearch to fulfill user requests for information extraction.
Audit Metadata