Skills
skills/abpai/skills/human-writer/Gen Agent Trust Hub

human-writer

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill includes instructions to fetch version metadata from the author's repository at https://raw.githubusercontent.com/abpai/skills/main/versions.json. This is a standard vendor-provided update check.
  • [COMMAND_EXECUTION]: When an update is detected, the agent is directed to ask the user for permission to execute npx skills update human-writer. This gated execution ensures that external package management remains under the user's control.
  • [PROMPT_INJECTION]: The skill processes arbitrary user-supplied text with filesystem write and edit tools, representing a surface for indirect prompt injection. The current guidelines do not explicitly include delimiters or instructions to ignore commands hidden within the input text.
  • Ingestion points: User text provided for humanization (SKILL.md).
  • Boundary markers: Absent.
  • Capability inventory: Read, Write, Edit, Grep, Glob tools (SKILL.md frontmatter).
  • Sanitization: Absent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 31, 2026, 12:33 PM