expert-advice
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
PROMPT_INJECTION
EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill incorporates user input via the $ARGUMENTS variable directly into its instructions without the use of delimiters or protective boundary markers, creating a surface for indirect prompt injection.
  - Ingestion points: $ARGUMENTS in SKILL.md
  - Boundary markers: Absent
  - Capability inventory: Filesystem read (codebase exploration) and network fetch (Wasp documentation)
  - Sanitization: Absent
- [EXTERNAL_DOWNLOADS]: The skill retrieves documentation from external sources to provide context-aware advice on application improvements.
Audit Metadata