skill-corrections
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it is designed to fetch and display 'raw user corrections' and keyword clusters without any sanitization. If a user previously provided a correction containing malicious instructions, the agent might follow them when this skill is invoked.
  - Ingestion points: Untrusted data enters the context from the output of the `corrections.mjs` script, which retrieves user-provided correction messages.
  - Boundary markers: Absent. The skill explicitly instructs to 'Display the output exactly as returned' and 'Do not modify or summarize', providing no delimiters or warnings to ignore embedded instructions.
  - Capability inventory: The skill has the capability to execute a local Node.js script using the `node` command.
  - Sanitization: No sanitization, validation, or escaping is performed on the data returned by the script before it is processed by the agent.
- [COMMAND_EXECUTION]: The skill executes a local Node.js script located at `${CLAUDE_PLUGIN_ROOT}/scripts/corrections.mjs`. It passes user-provided input directly through the `$ARGUMENTS` variable to the script execution.
Audit Metadata