six-hats
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through the ingestion of untrusted data.
- Ingestion points: User-supplied topics and previous hat responses are interpolated into AI prompts defined in `SKILL.md`.
- Boundary markers: There are no delimiters (such as XML tags) or instructions provided to the model to disregard instructions embedded within the user input.
- Capability inventory: The skill includes a script (`scripts/six_hats_debate.py`) that performs file system writes and directory creation.
- Sanitization: The skill lacks content-level sanitization or escaping for user-supplied strings before they are injected into the prompts.
- [COMMAND_EXECUTION]: The skill utilizes `scripts/six_hats_debate.py` to initialize the project structure and create output files. This script includes path resolution logic that verifies the target output directory is located within the current working directory or the home directory, ensuring the skill does not write files to unauthorized locations.
Audit Metadata