prose-distill
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted text or file content as primary input for its distillation logic.
  - Ingestion points: The skill accepts input via the $ARGUMENTS parameter and utilizes the 'Read' tool to ingest file contents.
  - Boundary markers: No explicit delimiters or instructions to disregard embedded commands are used when the agent processes the input text.
  - Capability inventory: The skill has access to file system tools including Read, Edit, Write, Grep, Glob, and TodoWrite, which increases the risk surface if an injected instruction is executed.
  - Sanitization: There is no evidence of input validation, filtering, or escaping of the ingested text before it is presented to the model.