boost-prompt
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill adheres to its stated purpose and uses standard VS Code extension capabilities for user interaction and clipboard operations. No unauthorized network access or suspicious code patterns were detected.
- [PROMPT_INJECTION]: The skill processes untrusted user input during prompt refinement, which creates a surface for indirect prompt injection.
- Ingestion points: User input via chat and responses to clarifying questions via the joyride_request_human_input tool.
- Boundary markers: Absent; the skill does not use specific delimiters to isolate user-provided text from its internal logic.
- Capability inventory: Includes interactive user requests and system clipboard write access via the Joyride extension's Clojure script interface.
- Sanitization: None; the skill does not validate or sanitize the content of the refined prompt before displaying it or copying it to the clipboard.
Audit Metadata