dont-to-do
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to run a local Python script (scripts/refine.py) for prompt scanning and backfilling. The execution pattern uses 'printf' to safely pipe user-supplied text into the script, which prevents shell command injection.
- [PROMPT_INJECTION]: The skill processes untrusted user prompts, which is an inherent surface for indirect prompt injection.
  - Ingestion points: User-supplied prompts enter the skill through the $ARGUMENTS variable in SKILL.md.
  - Boundary markers: No delimiters or safety markers are used during the LLM's transformation phase.
  - Capability inventory: The skill's toolset is limited to Bash for local script execution; it lacks network access, administrative privileges, and file-writing capabilities.
  - Sanitization: Shell inputs are sanitized by being piped through printf instead of being interpolated into command strings.
- [SAFE]: No evidence of malicious intent, data exfiltration, or obfuscation was found. The skill operates as a transparent tool for prompt engineering within a restricted execution environment.