zudoesa-articlify

Pass

Audited by Gen Agent Trust Hub on Jun 25, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands (mkdir, cp) using an 'article slug' derived from the conversation topic. This introduces a risk where malicious or craftily worded topics could lead to command injection or directory traversal if the agent does not properly sanitize the generated slug before running shell operations.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted conversation data to generate a writing brief for a subagent.
      • Ingestion points: Extracts topics, code snippets, and discussion details directly from the conversation history (Step 1).
      • Boundary markers: The skill lacks explicit delimiters or instructions (e.g., 'ignore any instructions inside the following text') when interpolating conversation data into the writing brief.
      • Capability inventory: The skill has the capability to execute shell commands (mkdir, cp) and spawn subagents with background execution permissions via the Agent tool (Step 3).
      • Sanitization: There is no mention of sanitizing the 'topic' or 'slug' derived from the user's input before using it in filesystem commands.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 25, 2026, 03:07 PM