acc-create-mediator
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWNO_CODEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill defines a surface for indirect prompt injection via user-supplied parameters.
- Ingestion points: Input requirements section in SKILL.md (Name, Context, Colleagues).
- Boundary markers: None provided to separate user input from the template logic.
- Capability inventory: The skill is designed to guide an agent in file-writing operations for PHP source code.
- Sanitization: No validation or escaping logic is defined for the interpolated user strings.
- [No Executable Code] (SAFE): The skill consists solely of markdown and static templates.
- Evidence: No scripts (.sh, .py, .js) or binary files are referenced or included in the analyzed content.
Audit Metadata