formalize-problem
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes research goals and paper summaries derived from external sources.
- Ingestion points: Reads from
reaper-workspace/notes/literature.mdandreaper-workspace/notes/paper-summary.md, which contain external research content. - Boundary markers: None identified; instructions do not explicitly warn the agent to ignore instructions embedded in the processed research text.
- Capability inventory: The skill performs file read operations across various directories and file write operations to
problem-statement.mdandideas.md. - Sanitization: No validation or sanitization of the external research data is performed before processing.
- [COMMAND_EXECUTION]: The skill instructs the agent to perform filesystem discovery by resolving absolute paths for a sibling skill ('reaper'). It lists several common installation directories in the user's home folder (e.g.,
~/.claude/skills/,~/.agents/skills/) to facilitate this. While this involves probing the host environment, it is used locally to resolve configuration references (model.md,impossibility-results.md) within the same vendor's ecosystem.
Audit Metadata