5w1h-decision
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to execute local Python scripts (
generate_token.pyandvalidate_5w1h.py) using theuvtool to manage session tokens and validate framework compliance. - [EXTERNAL_DOWNLOADS]: The installation instructions utilize
curlto fetch the skill's markdown definition from a public GitHub repository. - [PROMPT_INJECTION]: The skill defines strict behavioral constraints through 'Avoidance Language Detection,' blocking specific phrases (e.g., 'too complex', 'for now') to prevent the agent from bypassing established quality standards.
- [PROMPT_INJECTION]: Indirect Prompt Injection vulnerability surface exists as the skill is intended to process external requirement documents and user-provided scenarios.
- Ingestion points: Data enters the system via the
Whysection, which references external files likedocs/app-requirements-spec.md. - Boundary markers: The skill uses a structured Markdown template to organize fields, but lacks explicit safety delimiters to prevent the agent from following instructions embedded within the processed requirement files.
- Capability inventory: The skill can execute local Python scripts and generate file content for decision tokens.
- Sanitization: Validation is performed via an internal script (
validate_5w1h.py) and a keyword-based blocklist targeting avoidance language.
Audit Metadata