interactive-writing-assistant
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill's architecture involves ingesting untrusted data from external sources (PKM folders) and processing it through various AI prompts, creating a vulnerability surface.
  - Ingestion points: Data enters the agent context through the Read, Glob, and Grep tools targeting the Journal, Reading/Articles, and Topics directories.
  - Boundary markers: The skill utilizes %% %% as delimiters for user comments but lacks comprehensive separation between instructions and content from external files.
  - Capability inventory: The agent possesses Write and Edit capabilities, which could be exploited by an indirect injection to modify or corrupt user documents.
  - Sanitization: No explicit sanitization or validation of input from the PKM system or voice transcripts is described in the logic.
Audit Metadata