enhance-prompts
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Node.js script via the command `node -e`. This is used to load the internal `prompt-analyzer.js` library and perform analysis on files within a specified directory. The execution is confined to local resources provided with the skill.
- [PROMPT_INJECTION]: Because the skill analyzes external markdown files (prompts), it possesses an inherent attack surface for indirect prompt injection.
  1. Ingestion points: The skill reads file content from the local file system based on user-provided paths.
  2. Boundary markers: No explicit boundary markers or 'ignore' instructions are visible in the provided workflow.
  3. Capability inventory: The skill executes analysis logic and generates a structured report; it does not perform network operations or high-privilege file modifications.
  4. Sanitization: Sanitization logic is not detailed in the SKILL.md and is assumed to be handled within the referenced JavaScript library.
Audit Metadata