acf-local-json
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is designed to ingest and analyze untrusted data sources, such as HTML structures or visual designs, which creates a surface for indirect prompt injection attacks.
  - Ingestion points: Images, designs, and HTML structures (SKILL.md Core Workflow Step 1).
  - Boundary markers: Absent; no delimiters or warnings against following embedded instructions are specified for the agent.
  - Capability inventory: Local script execution (scripts/generate_keys.py) and file-writing (acf-json/ directory).
  - Sanitization: Absent; the instructions do not include guidance for sanitizing or escaping content extracted from untrusted inputs.
- Command Execution (SAFE): The skill includes a local script scripts/generate_keys.py for key generation. Analysis of the code shows it utilizes standard library functions (random, string, sys) for string formatting and does not contain any calls to eval(), exec(), or other dangerous primitives, nor does it perform network or sensitive file operations.