create-runbook
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill facilitates Indirect Prompt Injection (Category 8).
- Ingestion points: Extracts knowledge from 'this conversation', which contains untrusted user/agent interaction data.
- Boundary markers: The instructions lack explicit markers or commands to ignore embedded instructions within the source conversation when generating the runbook.
- Capability inventory: The skill has the capability to write new files to the
runbooks/directory, which are subsequently searchable viasearch_runbooks. - Sanitization: There is no evidence of sanitization or filtering of the extracted procedural text before it is written to the file system.
Audit Metadata