NYC

auto-trigger

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE

PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): The skill defines a configuration for passing data between skills via context templates, which creates a surface for indirect prompt injection.
      • Ingestion points: SKILL.md defines context templates such as {feature_name}, {prd_file}, and {skill_name} that interpolate runtime data into instructions for the next skill in a chain.
      • Boundary markers: The templates lack explicit delimiters (e.g., XML tags) or instructions to the LLM to ignore embedded commands within the variables, increasing the risk of the agent obeying instructions contained within the data.
      • Capability inventory: The configuration references several downstream skills (e.g., self-improving-agent, prd-planner, create-pr) which are documented to possess high-privilege tools including Bash, Write, Edit, and WebSearch.
      • Sanitization: There is no evidence of input validation, escaping, or filtering logic for the data interpolated into these context strings.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:09 PM