find-content-angles

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFE | PROMPT_INJECTION | DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8). Untrusted data is ingested when the user provides source content (SKILL.md).
      • Ingestion points: Question 1 in the Q&A section.
      • Boundary markers: Absent.
      • Capability inventory: The agent can read files from the home directory and traverse parent directories.
      • Sanitization: Absent.
  • [PROMPT_INJECTION]: The skill uses behavior suppression instructions, telling the agent to read and apply guidelines silently without informing the user.
  • [DATA_EXFILTRATION]: The skill accesses a hidden configuration file in the user's home directory (~/.devadvokit.md), which is a potential data exposure vector.
  • [DATA_EXFILTRATION]: The skill uses directory traversal (../../shared/ai-antipatterns.md) to access files outside of the intended skill environment.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 16, 2026, 03:50 PM