create-locked-down-skill
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill generates new workflow files by interpolating user-provided instructions, which creates a surface for indirect prompt injection.
  - Ingestion points: User input for 'Purpose' and 'Source content' gathered during Step 1 requirements gathering.
  - Boundary markers: There are no explicit delimiters or 'ignore' instructions added around the interpolated user content in the generated CLAUDE.md files.
  - Capability inventory: The skill utilizes file system tools (Read, Write, Edit, Glob, Grep) and Bash.
  - Sanitization: No sanitization or escaping of the user-provided text is performed before it is written to the new workspace files.
Audit Metadata