substack-note
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious logic, obfuscated commands, or hardcoded credentials were found in the skill definitions.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing content from external directories.
- Ingestion points: Data is ingested from the
/knowledge/directory and various profile files in/context/(SKILL.md). - Boundary markers: Absent. There are no instructions provided to the agent to distinguish between user instructions and data retrieved from the knowledge base.
- Capability inventory: Minimal. The skill is strictly limited to text generation for Substack notes and does not have access to command execution, filesystem writing, or network operations.
- Sanitization: Absent. The skill does not specify any validation or sanitization steps for the data processed from the knowledge base.
Audit Metadata