cheez-write

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes untrusted source code files and has capabilities for file modification and shell command execution.
      • Ingestion points: Source code is read into the agent context via mcp__tilth__tilth_read (SKILL.md).
      • Boundary markers: No explicit delimiters or instructions are provided to the agent to ignore embedded commands within the code being processed.
      • Capability inventory: The skill allows file writing through mcp__tilth__tilth_edit and shell execution via Bash (SKILL.md).
      • Sanitization: There is no mention of sanitizing or validating the content of the ingested files.
  • [COMMAND_EXECUTION]: The skill authorizes the use of the Bash tool to run sg --rewrite (ast-grep) for structural code modifications. While this is a common developer tool, it utilizes shell execution to perform its tasks.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 12, 2026, 08:35 PM