Skills
skills/florianbruniaux/claude-code-ultimate-guide/talk-stage1-extract/Gen Agent Trust Hub

talk-stage1-extract

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted external content.
  • Ingestion points: The Read tool is used to ingest external 'source material' (articles, transcripts, notes) which may contain embedded malicious instructions.
  • Boundary markers: The skill lacks explicit delimiters or instructions for the agent to ignore any embedded commands within the source material.
  • Capability inventory: The skill uses Write and Read tools, providing an attacker with a vector to manipulate the local filesystem if the agent obeys injected instructions.
  • Sanitization: There is no mention of sanitizing or escaping the content read from external files before it is processed by the agent.
  • [COMMAND_EXECUTION]: Potential for path traversal through unvalidated input.
  • Evidence: The skill uses a user-provided {slug} variable to construct the output path: talks/{YYYY}-{slug}-summary.md. If the agent does not properly validate or sanitize the slug input, it could be exploited to write files to arbitrary locations on the system (e.g., using ../ sequences).
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 01:07 AM