ears-convert
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from external files.
- Ingestion points: The skill reads a source file provided as an argument ($1) using the Read tool as defined in the SKILL.md workflow.
- Boundary markers: There are no protective delimiters or instructions in the prompt logic to treat the file content strictly as data rather than instructions, which could lead the agent to follow commands embedded in the specifications.
- Capability inventory: The skill utilizes powerful tools including Write, Edit, Skill, and Task. If an attacker embeds instructions in a specification file, the agent might execute those instructions using these tools during the conversion process.
- Sanitization: No input validation, escaping, or content filtering is performed on the source file data before it is processed by the agent.
Audit Metadata