extract-glossary
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and process untrusted data from external repositories (source code, README files, and documentation) to generate summaries.
- Ingestion points: The skill reads file content from local paths and remote GitHub repositories as defined in the '调查手順' (Investigation Steps) and 'コーパスを作る' (Creating Corpus) sections of SKILL.md.
- Boundary markers: There are no explicit instructions to use XML tags or other delimiters to isolate external repository content from the agent's system instructions.
- Capability inventory: The skill utilizes shell commands including
rg(ripgrep) for searching,gitfor metadata retrieval, andmmdc(Mermaid CLI) for diagram generation. It also performs file system read and write operations within the user-defined output directory. - Sanitization: The instructions do not include specific sanitization, filtering, or validation steps for the content extracted from repositories before it is processed by the AI model.
Audit Metadata