writing
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- Prompt Injection (SAFE): The instructions follow a professional procedural format. There are no attempts to override system constraints, bypass safety filters, or leak system prompts.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file paths, or unauthorized network operations were detected.
- Unverifiable Dependencies & RCE (SAFE): The skill does not download external packages or execute remote scripts. It relies on standard internal agent tools like `create_file` and `str_replace`.
- Indirect Prompt Injection (LOW):
  - Ingestion points: User-provided 'meta-context', 'context dump', and iterative feedback in `SKILL.md`.
  - Boundary markers: The instructions do not define explicit delimiters for untrusted user content.
  - Capability inventory: Uses `create_file` and `str_replace` to modify local workspace documents.
  - Sanitization: No explicit sanitization or filtering of user content is mentioned.
  - Risk Tier: LOW. While it processes untrusted data, its capabilities are limited to drafting documentation. It lacks the network or execution permissions required for high-severity exploitation.
- Obfuscation (SAFE): No encoded strings, hidden characters, or homoglyphs are present.
- Persistence & Privilege Escalation (SAFE): The skill does not attempt to modify system configurations, shell profiles, or acquire elevated permissions.