bkmrk
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing untrusted user input and writing it to the local filesystem without validation.
  * Ingestion points: User-provided content via the /bkmrk command or implicit text capture as defined in SKILL.md.
  * Boundary markers: Absent; the agent is instructed to capture content verbatim without delimiters.
  * Capability inventory: File writing capability via the Write tool to a local directory.
  * Sanitization: Absent; the instructions explicitly state not to reformat, summarize, or rewrap the user's content.
- [SAFE]: The skill utilizes a hardcoded absolute file path (/Users/benmaclaurin/Library/Mobile Documents/com~apple~CloudDocs/bkmrk/) for its operations. While this reveals a specific local username and limits the skill's functionality to environments where this specific directory structure exists, it represents a configuration practice rather than a malicious threat to the user.
Audit Metadata