requirements

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it interpolates untrusted user input ($ARGUMENTS) directly into its processing logic.
  • Ingestion points: User input via $ARGUMENTS in SKILL.md.
  • Boundary markers: Absent; the prompt does not use delimiters to wrap the user input or instruct the agent to ignore embedded instructions.
  • Capability inventory: The skill is capable of writing files to the local file system (docs/ directory).
  • Sanitization: No sanitization or validation is performed on the feature name (which is used in the path) or the notes content.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 12, 2026, 07:30 PM
Security Audit — agent-trust-hub — requirements