glossary-resolver
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a glossary resolution feature using standard Node.js patterns and secure file IO wrappers provided by the @agent/core library.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted input files and glossary definitions without sanitization.
- Ingestion points: Reads document content and glossary data from paths provided via command-line arguments in src/lib.ts and scripts/resolve.ts.
- Boundary markers: No markers or warnings are used in the output to separate original content from resolved glossary definitions.
- Capability inventory: Access is limited to reading and writing local files; no network or shell execution capabilities were detected.
- Sanitization: Input content and glossary definitions are used directly in string replacement without validation or escaping.
Audit Metadata