screen-design-doc

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE (findings: PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill processes external, untrusted content from PDF, TXT, and MD files and incorporates it directly into the agent's context. It does not use delimiters or boundary markers to isolate this data, which allows for indirect prompt injection attacks where malicious instructions in a document could override agent behavior.
    ◦ Ingestion points: Text extraction from user-provided files in Step 2 and Step 3 of SKILL.md.
    ◦ Boundary markers: Absent. The skill does not instruct the agent to treat extracted text as data separate from instructions.
    ◦ Capability inventory: Bash, Read, and Write tools are available, which increases the impact of a successful injection.
    ◦ Sanitization: None detected in the extraction script or processing logic.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to manage local dependencies and execute a processing script.
    ◦ Evidence: Execution of 'npm install' and 'node' scripts within the Claude skill directory as defined in Step 2 of SKILL.md.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 10, 2026, 02:20 AM