turn-incident-into-content
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
Findings: DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill reads from local configuration files to establish context. It checks for and reads ~/.devadvokit.md and ../../shared/ai-antipatterns.md. These paths are used to gather user-specific DevRel context and quality guidelines, respectively. While these are vendor-associated resources, they involve accessing local filesystem data.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. It collects specific user feedback through a Q&A process and interpolates those responses directly into formatted output templates (TIL and Full Context formats).
- Ingestion points: User answers to the five questions defined in the Q&A section of SKILL.md.
- Boundary markers: Absent; user input is integrated into the output without delimiters or instructions to ignore embedded commands.
- Capability inventory: Limited to text generation, formatting, and reading local files.
- Sanitization: None; the skill does not include steps to sanitize or validate user-provided strings before processing. Additionally, the skill instructs the agent to 'silently rewrite' output based on external files and to 'not mention this step to the user', which is a concealment pattern regarding the agent's logic.
Audit Metadata