Skills
skills/bahayonghang/my-claude-code-settings/word-flow/Gen Agent Trust Hub

word-flow

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill defines a structured orchestration of internal tools (word and card) to process user-specified English words.
  • [SAFE]: File system activity is limited to generating PNG files in the ~/Downloads/ directory, which is appropriate for the skill's stated purpose of creating visual vocabulary cards.
  • [SAFE]: There are no indicators of external network communication, hardcoded credentials, or attempts to access sensitive system files.
  • [PROMPT_INJECTION]: The skill processes user-provided vocabulary and pipes tool outputs, forming an indirect prompt injection surface.
  • [PROMPT_INJECTION]: Ingestion points: User-provided English words provided as arguments to the /word-flow command.
  • [PROMPT_INJECTION]: Boundary markers: The skill does not define explicit delimiters or instructions to ignore embedded prompts within the word tokens or tool outputs.
  • [PROMPT_INJECTION]: Capability inventory: The skill calls the word and card tools and has the capability to write image files to the local Downloads folder.
  • [PROMPT_INJECTION]: Sanitization: The skill relies on the platform's default handling of tool arguments and output piping for safety.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 24, 2026, 03:17 PM