dont-make-me-think
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted content from external URLs and user-provided code, creating a surface for indirect prompt injection. 1. Ingestion points: External websites (via /browse tool) and UI source code. 2. Boundary markers: Absent; no specific instructions to ignore embedded directives in input data. 3. Capability inventory: Permission to read and modify local source files in 'Redesign Mode'. 4. Sanitization: Absent; no filtering of ingested content is specified.
- [SAFE]: No malicious code, unauthorized exfiltration patterns, or hardcoded credentials were detected in the skill files. The author identification is consistent with the provided context.
Audit Metadata