enhance-prompts
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Command Execution (SAFE): The skill invokes Node.js to execute a local script ('./lib/enhance/prompt-analyzer.js'). This is a legitimate use of the command line for the skill's core functionality and does not involve remote code or shell-based injection risks.
- Indirect Prompt Injection (LOW): The skill processes untrusted markdown files provided by the user or found in the environment. Ingestion points: Files processed via 'analyzeAllPrompts' and 'analyzePrompt' functions. Boundary markers: The workflow does not specify delimiters or instructions to ignore embedded commands in the analyzed files. Capability inventory: The skill has file system read access and executes a JavaScript analyzer. Sanitization: No sanitization of input data is mentioned. This represents a potential surface where adversarial instructions within analyzed prompts could attempt to influence the agent.
Audit Metadata