skills/ninehills/skills/human/Gen Agent Trust Hub

human

Pass

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: SAFE
PROMPT_INJECTION

Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its core function of processing and rewriting external text.
      • Ingestion points: The skill ingests untrusted data via the Read tool and direct user input for editing (documented in SKILL.md).
      • Boundary markers: The instructions do not define clear boundary markers (such as XML tags or delimiters) to separate instructions from the data being processed, nor do they instruct the agent to ignore commands embedded in the input text.
      • Capability inventory: The skill is granted Write and Edit permissions, allowing the agent to modify the file system based on potentially malicious instructions found within the processed text.
      • Sanitization: There is no evidence of sanitization, filtering, or validation of the input text before it is processed by the agent.

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 25, 2026, 07:33 PM