portable-extract
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a shell script to verify the presence of required documentation files. The script performs local file existence checks and is considered safe.
- [PROMPT_INJECTION]: The skill processes content from reverse-engineering documents to generate portable artifacts, creating an indirect prompt injection surface.
- Ingestion points: The skill reads 11 markdown files from the docs/reverse-engineering/ directory.
- Boundary markers: The instructions do not define the use of delimiters or 'ignore embedded instructions' markers when ingesting document content.
- Capability inventory: The skill has permissions to read from the workspace and write artifacts to the _portable-extract/ directory.
- Sanitization: No explicit input validation or sanitization is performed on the source document content before it is processed by the agent.
Audit Metadata