post-writer
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE [PROMPT_INJECTION]
Full Analysis
- [PROMPT_INJECTION]: The skill employs 'CRITICAL' directives to override default agent behavior, specifically instructing the agent to skip summaries and jump directly to input gathering. Additionally, the skill is susceptible to indirect prompt injection because it ingests untrusted user content (context dumps and reference posts) without using boundary markers or sanitization logic.
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface Findings:
  - Ingestion points: SKILL.md (Step 1 processes user-provided context dumps and external reference posts).
  - Boundary markers: Absent (no delimiters or 'ignore instructions' patterns are used for user text).
  - Capability inventory: Read access to local configuration files (about-me.md, voice.md) and write access to save markdown files to the project directory.
  - Sanitization: Absent (external data is used directly to influence prompt generation without filtering).
Audit Metadata