sequential-thinking
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill references multiple external files including JavaScript scripts (scripts/process-thought.js, scripts/format-thought.js) and several markdown documents in a references/ directory. These assets are missing from the provided input, meaning their contents and safety cannot be verified.
- [COMMAND_EXECUTION] (LOW): The documentation explicitly mentions using scripts for 'deterministic validation' and 'tracking thoughts,' which indicates that the skill is intended to execute code within the agent's runtime environment.
- [PROMPT_INJECTION] (LOW): The skill is designed to process complex, untrusted data for problem decomposition. It does not define boundary markers (e.g., delimiters) or sanitization steps to prevent instructions embedded in that external data from hijacking the 'Thought' sequence process (Indirect Prompt Injection).
Audit Metadata