import-template
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill ingests 'Template content' from user input and saves it to the local file system (SKILL.md). This content is later used by other commands to format outputs, which could allow an attacker to embed instructions that hijack future agent sessions.
  - Ingestion points: User-provided 'Template content' (SKILL.md).
  - Boundary markers: None present to delimit user input or warn against embedded instructions.
  - Capability inventory: Writes to the file system and executes 'scripts/guidelines-manager.py' (SKILL.md).
  - Sanitization: No evidence of sanitization or validation for the user-provided template content.
- [COMMAND_EXECUTION]: The skill executes a local script 'scripts/guidelines-manager.py' using variables derived from user input ('brand', 'name'). This presents a risk of command or argument injection if the underlying implementation does not properly sanitize these inputs.