protocol-writer
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: Analysis of the skill instructions and Python code reveals no malicious patterns. The skill correctly identifies its network access as none and uses standard libraries to generate documentation.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it reads from local files (GOAL.md, queries.md, STATUS.md, DECISIONS.md) to generate the protocol. This risk is classified as safe/low because the generated output is a markdown file intended for human review and the skill possesses no high-privilege capabilities or network access that could be exploited. Ingestion points: GOAL.md, queries.md, STATUS.md, DECISIONS.md. Boundary markers: None. Capability inventory: File writing to output/PROTOCOL.md. Sanitization: None.
Audit Metadata