document
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted markdown content (e.g., from emails or web drafts) via the
contentparameter, which presents a surface for indirect prompt injection. Malicious instructions could be hidden in the text and interpreted by the agent during display or selection processing. - Ingestion points:
contentfield inDocumentConfigwithinSKILL.md. - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the configuration.
- Capability inventory: Subprocess calls to
src/cli.tsfor rendering/spawning scenarios as documented inSKILL.md. - Sanitization: No input validation or sanitization of the markdown source is specified.
Audit Metadata