skills/jeremylongshore/claude-code-plugins-plus-skills/quickstart-guide-generator/Gen Agent Trust Hub
quickstart-guide-generator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is designed to process external technical documentation and is granted high-privilege tools including
Bash,Write, andEdit. This creates a significant vulnerability surface where malicious instructions embedded in the documentation being analyzed could be executed by the agent. - Ingestion points: Technical documentation, API docs, and user guides processed during the generation task.
- Boundary markers: None. The instructions lack delimiters or warnings to ignore embedded instructions in the source material.
- Capability inventory:
Bash(arbitrary command execution),Write/Edit(filesystem modification),Read(data exposure),Grep. - Sanitization: None. There is no logic provided to sanitize or validate the content before it is processed by the powerful tools requested.
Recommendations
- AI detected serious security threats
Audit Metadata