Skills
skills/wghust/stark-skills/skill-power-profile/Gen Agent Trust Hub

skill-power-profile

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted metadata from local skill files and interpolates it into prompts sent to a downstream image generation model.
  • Ingestion points: The scripts/profile_skills.py script reads the name and description fields from SKILL.md files discovered in the workspace and user home directory.
  • Boundary markers: Absent. Extracted skill names and titles are directly interpolated into the image generation brief without delimiters or instructions to ignore embedded commands.
  • Capability inventory: Across its scripts, the skill lacks dangerous capabilities such as network access, file-writing, or arbitrary code execution, which significantly limits the potential impact of an injection attack.
  • Sanitization: No sanitization or validation of the extracted metadata is performed before it is used to build the image generation brief.
Audit Metadata
Risk Level
SAFE
Analyzed
May 12, 2026, 06:13 PM