prose-distill
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection vulnerability surface detected. The skill processes external data that could contain malicious instructions designed to override agent behavior.
- Ingestion points: Untrusted content is ingested via the $ARGUMENTS variable in SKILL.md, which can contain direct text or file contents.
- Boundary markers: There are no defined delimiters or instructions to the agent to ignore embedded commands within the input text.
- Capability inventory: The skill uses Read, Edit, Write, Grep, Glob, and TodoWrite tools as defined in the frontmatter.
- Sanitization: The skill lacks any logic to sanitize or escape the input content before it is processed by the agent.
Audit Metadata