launch-hacker-news

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFEPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted data from user requests and external sources (live websites, repositories) to generate launch materials, creating a surface for indirect prompt injection.
  • Ingestion points: The $request argument and external content retrieved via the browse tool or repository Read calls in SKILL.md.
  • Boundary markers: The skill requires strict grounding in references/policy-compliance.md and enforces a readiness gate via references/preflight-gate.md.
  • Capability inventory: The skill utilizes Read, Write, and Skill tools to process data and generate local files.
  • Sanitization: Implements a mandatory banned-phrase scan defined in references/policy-compliance.md to identify and rewrite potentially malicious or non-compliant output.
  • [REMOTE_CODE_EXECUTION]: The skill provides instructions for installing additional modules from a remote repository.
  • Evidence: Suggests using the command npx skills add https://github.com/ulpi-io/skills --skill to install missing companion skills.
  • Context: The target repository is maintained by the skill author (ulpi-io), and the suggestion follows standard installation patterns for the platform's modular skill system.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 09:21 AM
Security Audit — agent-trust-hub — launch-hacker-news