content-to-knowledge-base
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [DATA_EXFILTRATION]: The skill reads local file content and scans project directory structures to generate configuration files and classify content. No network operations or external data exfiltration patterns were detected. (File: SKILL.md)- [COMMAND_EXECUTION]: The skill performs local file system write operations, including creating new directories and saving files to paths derived from user input or project configurations, such as .cursor/knowledge-base-config.md. (File: SKILL.md)- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection as it processes untrusted user data and has file-writing capabilities. Instructions embedded in the source content could attempt to influence the agent's file-saving behavior. \n
- Ingestion points: Content is ingested from user text input or files via @file paths. (File: SKILL.md) \n
- Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the untrusted source content. \n
- Capability inventory: File read/write access, directory creation, and directory scanning capabilities are present. (File: SKILL.md) \n
- Sanitization: No specific sanitization or validation of the input content's instructions is mentioned.
Audit Metadata