roundup-setup
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses bash to create the directory
~/.config/roundup. This is a routine operation for a setup utility to prepare for local storage. - [PROMPT_INJECTION]: The skill collects user-provided writing samples to calibrate its behavior, creating an indirect prompt injection surface.
- Ingestion points: User-pasted text in the onboarding flow.
- Boundary markers: The skill instructs the agent to wrap user examples in triple backticks within the generated configuration file.
- Capability inventory: File system directory creation and file writing.
- Sanitization: Use of code fences to isolate untrusted user data from the configuration structure.
Audit Metadata