how-newsletters
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE DATA_EXFILTRATION PROMPT_INJECTION NO_CODE
Full Analysis
- [DATA_EXFILTRATION]: The skill contains a hardcoded absolute file path to the author's home directory.
- Evidence: `/Users/charlesdeist/Desktop/Documents/How <Newsletters>/` in SKILL.md.
- Risk: This exposure leaks the author's system username ('charlesdeist') and directory hierarchy. It also makes the skill non-portable as it expects a specific local environment to function.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by processing external data as behavioral instructions.
- Ingestion points: The agent is directed to read case study files from the local `/Users/charlesdeist/Desktop/Documents/How <Newsletters>/` directory to determine its writing voice.
- Boundary markers: Absent. The instructions do not provide delimiters or warnings to ignore potential instructions embedded within the case study content.
- Capability inventory: The agent uses file-reading capabilities to ingest content that directly influences its response generation and persona.
- Sanitization: Absent. There is no validation or filtering mentioned to prevent the agent from executing instructions found within the case study library.
- [NO_CODE]: The skill consists exclusively of Markdown documentation and instructions without any accompanying executable scripts or configuration files.
Audit Metadata