text-formatter
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes untrusted user-provided text or file content and possesses capabilities that could be misused if malicious instructions are embedded in that input.\n
- Ingestion points: Phase 1 (Input Collection) allows users to paste arbitrary text or provide a local file path for processing.\n
- Boundary markers: No specific delimiters or "ignore embedded instructions" warnings are present in the skill definition to separate data from instructions.\n
- Capability inventory: The skill is granted
Bash,Read,Write,Glob, andTasktools, which could be exploited to interact with the host system if the agent obeys instructions hidden within the text being formatted.\n - Sanitization: There is no evidence of sanitization or structural validation performed on the input text before it is analyzed and transformed.\n- [Command Execution] (LOW): The skill uses the
Bashtool to programmatically create a scratchpad directory for its workflow (mkdir -p). While this usage is currently confined to a specific workspace, the presence and active use of shell execution tools increase the risk profile when processing external data.
Audit Metadata