tweet-draft-reviewer
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes local bash scripts to automate the identification and filtering of tweet drafts.
  - Employs the `find` command to locate markdown files within the user-specified or default `content/tweet-drafts` directory.
  - Uses `grep` to verify file metadata for a 'reviewed: true' status to avoid redundant processing.
  - These commands are scoped to the local filesystem and serve the primary functionality of the skill.
- [PROMPT_INJECTION]: The skill possesses an inherent surface for indirect prompt injection due to its core function of reading and analyzing external text files.
  - Ingestion points: The skill reads the contents of `.md` files from the local `content/tweet-drafts` folder (File: SKILL.md, SKILL-OC.md).
  - Boundary markers: There are no explicit delimiters or specific instructions for the agent to ignore instructions that might be embedded within the draft content.
  - Capability inventory: The skill allows the agent to execute shell commands for file discovery and filtering.
  - Sanitization: No content validation or sanitization is performed on the ingested draft text prior to evaluation against the voice rules.
Audit Metadata