Prompting
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill serves its stated purpose as a meta-prompting framework without any hidden malicious functionality. All external references point to legitimate documentation or trusted resources from the author.
- [COMMAND_EXECUTION]: The template rendering engine (
RenderTemplate.ts) utilizesBun.spawnSyncto execute the systemlscommand. This is used strictly to discover and register local Handlebars partials within the skill's own directory structure. - [PROMPT_INJECTION]: The skill handles indirect prompt injection surfaces by design, as it ingests data from YAML and JSON files to dynamically generate prompts. This is the core functionality of the templating engine and does not involve malicious bypasses or safety filter overrides.
- [EXTERNAL_DOWNLOADS]: The skill uses
curlwithin its workflow to send status notifications to a local endpoint (http://localhost:8888/notify). This is a local network operation for system integration and does not communicate with external or untrusted domains.
Audit Metadata