think-framework-advisor
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted user content (such as notes and transcripts) and incorporates this content into generated command-line invocations.\n
- Ingestion points: User-provided situation descriptions and pasted text from files as documented in the Inputs section of
SKILL.md.\n - Boundary markers: Absent; the agent is not explicitly instructed to use delimiters (e.g., XML tags) to isolate untrusted data during the diagnosis and prompt-filling phases.\n
- Capability inventory: The skill produces shell-like command invocations for other tools. While it explicitly follows a 'recommend, never run' protocol to prevent automatic execution, the resulting prompts are intended for use in environments with substantial capabilities.\n
- Sanitization: No validation, escaping, or filtering of user-provided content is specified before it is interpolated into the recommended prompt strings.
Audit Metadata