Skills
skills/phazonoverload/devadvokit/generate-cfp/Gen Agent Trust Hub

generate-cfp

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill reads data from ~/.devadvokit.md and ../../shared/ai-antipatterns.md to inform its generation process, creating a surface for indirect prompt injection. • Ingestion points: ~/.devadvokit.md, ../../shared/ai-antipatterns.md • Boundary markers: Absent • Capability inventory: None; the skill does not utilize network access, shell commands, or file-writing tools. • Sanitization: The skill includes instructions to silently rewrite output based on specific anti-patterns before presenting it to the user.
  • [DATA_EXFILTRATION]: The skill accesses a configuration file (~/.devadvokit.md) located in the user's home directory. This is used to provide context for the generator. While this constitutes data exposure of a local file, no network exfiltration patterns or external communication tools were identified in the skill logic.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 16, 2026, 03:50 PM