paywall-generator
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through its project context detection logic. The agent is instructed to scan local Swift files using Glob and Grep tools to identify existing StoreKit implementations and product IDs. Malicious content within these scanned files could potentially influence the agent's behavior during the code generation process. \n
- Ingestion points: Local source files (e.g., **/Store.swift) are read and parsed to detect project state. \n
- Boundary markers: No specific delimiters or instructions are provided to the agent to distinguish between trusted instructions and untrusted code content during ingestion. \n
- Capability inventory: The skill utilizes Write and Edit tools to create or modify project files based on the analyzed context. \n
- Sanitization: There is no evidence of sanitization or validation performed on the ingested code strings before they are processed by the agent.
Audit Metadata