Skills
skills/melodic-software/claude-code-plugins/write-acceptance/Gen Agent Trust Hub

write-acceptance

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality of processing untrusted external data.
  • Ingestion points: Reads user story text directly from prompts, extracts data from user-provided file paths, and looks up information in documentation files via Read and Glob tools.
  • Boundary markers: The instructions lack explicit delimiters or guidance for the agent to ignore or isolate instructions that might be embedded within the processed user stories.
  • Capability inventory: The skill possesses Write permissions to create .feature and .cs files, which could be abused if an injection is successful.
  • Sanitization: There is no evidence of input validation or content filtering before the ingested data is used to generate structured output.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 18, 2026, 09:18 AM
Security Audit — agent-trust-hub — write-acceptance