Skills
skills/dawiddutoit/custom-claude/textual-event-messages/Gen Agent Trust Hub

textual-event-messages

Pass

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill defines a TUI interface that ingests untrusted user input while having access to the Bash tool, creating a surface for indirect prompt injection.
  • Ingestion points: User input is ingested via the Input widget in the CommandWidget class within Example 1 (SKILL.md).
  • Boundary markers: No explicit delimiters or boundary markers are defined to isolate untrusted input from agent instructions.
  • Capability inventory: The skill has access to the Bash, Read, Write, and Edit tools as specified in the allowed-tools metadata.
  • Sanitization: There is no evidence of input sanitization or validation logic in the provided code snippets.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 24, 2026, 05:24 PM