Skills
skills/robertguss/claude-code-toolkit/mobile-app-launch-checklist/Gen Agent Trust Hub

mobile-app-launch-checklist

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by using user-provided strings (specifically the 'App name' input) to construct a local filename (LAUNCH-CHECKLIST-{AppName}.md). A malicious user could provide a name containing path traversal sequences or special characters to attempt to write the checklist to unintended locations.
  • Ingestion points: User-provided 'App name' input defined in SKILL.md.
  • Boundary markers: No delimiters or instructions are used to separate the user-provided app name from the rest of the file generation logic.
  • Capability inventory: The skill utilizes a file-write capability to save the generated checklist to the project root.
  • Sanitization: There is no evidence of validation or sanitization of the 'App name' before it is interpolated into the file path.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 21, 2026, 05:37 PM