Skills
skills/alexi-build/raycast-extensions-skill/raycast-extensions/Gen Agent Trust Hub

raycast-extensions

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface. The skill provides code examples that demonstrate ingesting untrusted data from external sources and processing it through an LLM without proper security boundaries.
  • Ingestion points: examples.md (via Clipboard.readText()), references/api/browser-extension.md (via BrowserExtension.getContent()).
  • Boundary markers: Absent. Code examples interpolate external data directly into the prompt string (e.g., AI.ask(Summarize this: ${text})) without the use of XML tags, triple quotes, or specific instructions to ignore embedded commands.
  • Capability inventory: The skill utilizes AI.ask for content processing and Clipboard.copy, Clipboard.paste, and BrowserExtension.getContent for data handling.
  • Sanitization: Absent. There is no evidence of input validation, character escaping, or content filtering before the data is passed to the AI model.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:15 PM