skill-builder
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill incorporates a research phase (Phase 1.5) that uses web searches and library documentation to inform skill generation. This creates an attack surface for indirect prompt injection, as malicious instructions on searched websites could theoretically influence the generated draft. However, the skill defines a whitelist of recommended official government (e.g., nts.go.kr, law.go.kr) and international standard (e.g., ifrs.org) domains to guide the agent toward authoritative sources.
- Ingestion points: Phase 1.5 Research (WebSearch, Context7 MCP).
- Boundary markers: The workflow utilizes a predefined
skill-templatefor draft generation. - Capability inventory: The agent performs file writing (SKILL.md, test-cases.yaml) and web searches.
- Sanitization: No explicit sanitization of searched content is mentioned, but the output is intended for developer review in Phase 6.
- [EXTERNAL_DOWNLOADS]: The skill references and fetches information from well-known official domains and technology platforms (e.g., Greenhouse, Salesforce, HubSpot) and government registries. These are documented as trusted sources for retrieving accurate domain data.
- [DATA_EXFILTRATION]: The skill gathers user requirements (purpose, input, output) but does not transmit sensitive environment data or credentials to external servers. Data flow is contained within the workflow for skill generation purposes.
Audit Metadata