interactive-writing-assistant
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes external data from local folders and voice transcripts, creating a surface for potential indirect prompt injection.
- Ingestion points: The skill is instructed to search for and read content from user-defined 'Journal', 'Reading/Articles', and 'Topics' folders, as well as process voice-based user input (VUI).
- Boundary markers: Instructions suggest using markdown blockquotes (>) to distinguish knowledge base findings and delimiters (%%) for comments, which provide basic visual separation but are not robust security boundaries.
- Capability inventory: The agent has access to 'Read', 'Write', 'Edit', 'Glob', and 'Grep' tools, allowing it to modify the local file system.
- Sanitization: The instructions do not specify any validation or sanitization of content retrieved from the knowledge base before it is integrated into the active document.
Audit Metadata