skill-sharpen
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill implements a robust privacy guardrail that automatically redacts sensitive credentials (e.g., API keys, tokens) using a [REDACTED] placeholder before any data is output or saved.
- [SAFE]: All file system modifications, such as updating SKILL.md or creating LESSONS.md, require explicit human-in-the-loop confirmation, preventing autonomous or unauthorized changes.
- [COMMAND_EXECUTION]: Employs git diff to compare session changes, which is a legitimate and scoped use of command execution for its primary purpose of auditing skill performance.
- [PROMPT_INJECTION]: Indirect prompt injection surface exists as the skill processes untrusted data from conversation history and user feedback.
  - Ingestion points: Conversation history, user input, and target SKILL.md files.
  - Boundary markers: Absent; the skill does not explicitly define delimiters for untrusted input during interpolation.
  - Capability inventory: File system write access and execution of git diff.
  - Sanitization: Explicitly implements secret redaction logic.