write-a-skill
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill operates as a structural guide for repository maintenance. It does not perform unauthorized network requests, access sensitive system credentials, or implement persistence mechanisms. It correctly identifies and uses well-known tools like GitHub's CLI (gh) and Playwright as examples for prerequisites.- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection (Category 8) because it instructs the agent to ingest external user requirements and incorporate them into new executable instructions (SKILL.md).
- Ingestion points: User-provided domain knowledge, use cases, and triggers gathered in Step 1.
- Boundary markers: Absent; the skill does not instruct the agent to use delimiters or ignore instructions within the gathered requirements.
- Capability inventory: The agent is tasked with creating and writing files to the local file system (SKILL.md and documentation files).
- Sanitization: No sanitization or validation of the input content is specified before it is written into the new skill's instructions.
Audit Metadata