personalise

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection because its primary function is to ingest and analyze untrusted external content.
      • Ingestion points: External inputs such as URLs, pastes, and repositories provided via the /personalise command (SKILL.md).
      • Boundary markers: Not present; there are no instructions to the agent to treat external content as untrusted or to use delimiters to separate data from instructions.
      • Capability inventory: The agent is instructed to read project configuration, tech stack notes, and user profile files (SKILL.md).
      • Sanitization: None; input content is processed directly to generate recommendations.
  • [SAFE]: The skill incorporates robust defensive instructions that prevent it from taking autonomous actions. It explicitly forbids installing or applying recommendations without user confirmation, which significantly reduces the impact of potential indirect prompt injections.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 9, 2026, 12:54 AM