skills/jeremylongshore/claude-code-plugins-plus-skills/neurodivergent-visual-org/Gen Agent Trust Hub
neurodivergent-visual-org
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill contains a 'Mode Detection Algorithm' that analyzes user input for keywords like 'overwhelmed' or 'adhd' to switch between base and accessibility modes. This logic relies on interpreting user-provided text to influence agent behavior.
- [PROMPT_INJECTION]: Indirect Prompt Injection vulnerability surface.
- Ingestion points: The skill ingests the user's message to evaluate distress signals and mode requests (SKILL.md, 'Mode Detection Algorithm' section).
- Boundary markers: No specific boundary markers or 'ignore embedded instructions' warnings are present to separate user content from the agent's logic.
- Capability inventory: The skill possesses broad capabilities including
Bash(cmd:*),Write,Edit,Grep, andGlob(SKILL.md frontmatter). - Sanitization: No sanitization or validation of user-provided keywords is described before they are processed by the logic used to determine the agent's behavioral constraints.
- [COMMAND_EXECUTION]: The skill requests permission for the
Bash(cmd:*)tool. Although the instructions focus on text and diagram generation, this grants the agent unrestricted shell access which could be exploited if the agent is misled by malicious input. - [EXTERNAL_DOWNLOADS]: The skill generates links to
mermaid.live, a well-known and trusted external service for rendering and editing Mermaid diagrams. These links include encoded diagram data to allow the user to visualize their organizational tools.
Audit Metadata