cw-prose-writing
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is intentionally designed to ingest and execute instructions from untrusted project-level documentation.
- Ingestion points: Reads instructions from
CLAUDE.md,WRITING.md,CONVENTIONS.md,STYLE.md, and directories like.cursor/rules/. - Boundary markers: Entirely absent. The skill commands the agent to "read and follow their instructions" without applying delimiters or security context.
- Capability inventory: The skill uses web search and performs project file organization and writing, providing an escalation path for injected commands.
- Sanitization: No validation or sanitization is performed on the content of the discovered style guides.
- [DATA_EXFILTRATION] (MEDIUM): Potential for exfiltration exists if an indirect prompt injection uses the skill's web search capability to leak sensitive project data (e.g., character profiles or lore) to an external endpoint.
Recommendations
- AI detected serious security threats
Audit Metadata