discovery
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses direct interpolation of $ARGUMENTS into its prompt instructions, which can be exploited for direct injection. It also retrieves external content via WebFetch in Phase 1 and processes it without boundary markers or sanitization, creating an indirect prompt injection surface. (1) Ingestion points: Phase 1 (WebFetch and user-pasted text). (2) Boundary markers: Absent. (3) Capability inventory: Write, Read, Glob, WebFetch, and WebSearch. (4) Sanitization: None.
- [EXTERNAL_DOWNLOADS]: The skill performs external network requests using WebFetch to retrieve user-specified documents and WebSearch to conduct market research.
- [COMMAND_EXECUTION]: The skill extensively interacts with the local filesystem, using the Write tool to create directory structures and files, and the Glob and Read tools to inspect project configuration files such as package.json and CLAUDE.md.
Audit Metadata