requirements
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it interpolates untrusted user input ($ARGUMENTS) directly into its processing logic.
- Ingestion points: User input via $ARGUMENTS in SKILL.md.
- Boundary markers: Absent; the prompt does not use delimiters to wrap the user input or instruct the agent to ignore embedded instructions.
- Capability inventory: The skill is capable of writing files to the local file system (docs/ directory).
- Sanitization: No sanitization or validation is performed on the feature name (which is used in the path) or the notes content.
Audit Metadata