style-extract
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted user-provided articles to extract style dimensions used in file-writing operations.
- Ingestion points: User-provided articles and text snippets analyzed during the style extraction process (Mode A).
- Boundary markers: None identified; the instructions do not specify any delimiters or safety prompts to isolate the processed text from the agent's logic.
- Capability inventory: The skill performs file system operations including directory creation and writing/updating multiple JSON files within the ./writing-workspace/styles/ directory.
- Sanitization: None; analyzed content is mapped directly to JSON fields without validation or escaping, allowing potentially malicious instructions in the article to influence the style profile output.
Audit Metadata