
pdf-brain

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core workflow of processing untrusted data from a document corpus and using it to generate actionable system commands.
  • Ingestion points: Untrusted data enters the agent context via the joelclaw docs search and joelclaw docs context commands in SKILL.md.
  • Boundary markers: The skill does not define explicit delimiters or instructions to the agent to disregard instructions that might be embedded within the retrieved document snippets.
  • Capability inventory: The skill generates k8s/infra moves and verification commands (e.g., shell commands and config paths) based on the processed data.
  • Sanitization: There is no evidence of sanitization or validation of the corpus content before it is interpolated into the prompts used to generate the final commands.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 11:04 PM