prose-synthesize
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious behavioral patterns or obfuscated code were found within the skill's instructions.\n- [COMMAND_EXECUTION]: The skill requests access to file system tools (
Read,Edit,Write,Grep,Glob,TodoWrite). These are used for the primary purpose of reading source notes and writing the resulting plans to files, which aligns with the stated functionality.\n- [PROMPT_INJECTION]: This skill possesses an attack surface for indirect prompt injection because it ingests untrusted data. \n - Ingestion points: Content is received via
$ARGUMENTS(raw text or file path) inSKILL.md.\n - Boundary markers: The skill lacks explicit delimiters to isolate user content from system instructions.\n
- Capability inventory: The skill has file read/write permissions via
Read,Edit, andWritetools.\n - Sanitization: There is no explicit sanitization of the input text.\nHowever, the skill's structured workflow (Extracting, Tagging, and Clustering) inherently treats the input as passive data for analysis rather than instructions, which effectively maintains a safe operational profile.
Audit Metadata