list-builder
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill features a surface for indirect prompt injection through data ingestion.
- Ingestion points: The script
scripts/validate-list.tsreads content from external JSON files provided as input. - Boundary markers: There are no instructions for the agent to use delimiters or ignore embedded instructions when reading list items.
- Capability inventory: The agent has permissions to write files to the project directory and perform web-based research.
- Sanitization: No sanitization or filtering logic is present to identify or neutralize instructions within the JSON data.
- [COMMAND_EXECUTION]: The skill involves the execution of local Deno scripts to perform its primary functions.
- Evidence:
SKILL.mddirects the agent to rundeno run --allow-read scripts/validate-list.tsto analyze lists. - Context: The scripts are provided within the skill package and perform legitimate validation and merging operations as documented.
Audit Metadata