threat-model-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface. The skill is designed to ingest and process user system descriptions to create threat models while having access to powerful system tools.\n
- Ingestion points: External data provided by the user through triggers like 'threat model creator' is processed by the agent.\n
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the documentation.\n
- Capability inventory: The skill is granted access to
Bash,Write, andEdittools, which can be misused if the agent obeys instructions hidden within the data being modeled.\n - Sanitization: There is no evidence of input validation or sanitization logic within the provided skill metadata.\n- [NO_CODE] (SAFE): The skill consists entirely of metadata and documentation; no executable scripts or source code files were provided for analysis.
Audit Metadata