balanced
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to read and write configuration data to the path
~/.claude/skills/balanced/config.json. This persistence mechanism involves direct interaction with the host file system through the agent's file tools to store and retrieve user preferences.\n- [PROMPT_INJECTION]: The skill processes untrusted user input within its dialogue logic and configuration setup without explicit sanitization or protective boundary markers, which creates an indirect prompt injection surface.\n - Ingestion points: Input statements provided to the
/balancedcommand and responses provided during the onboard setup flow.\n - Boundary markers: No delimiters or instructions to ignore embedded instructions are present when processing user-provided content.\n
- Capability inventory: The skill utilizes file system write/read capabilities and web search tools for DOI validation.\n
- Sanitization: No specific validation, escaping logic, or schema enforcement is defined for user-supplied input before it is processed or stored.
Audit Metadata