skill-extractor
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWNO_CODE
Full Analysis
- [SAFE] (SAFE): The skill is composed entirely of Markdown instructions and workflow descriptions. It does not perform any automated command execution, file system modifications, or network requests.
- [INDIRECT PROMPT INJECTION] (INFO): The skill defines a process for ingesting untrusted data (past conversations). 1. Ingestion point: Step 1 (Gather Evidence) specifically asks for pasted conversation excerpts. 2. Boundary markers: None specified in the workflow. 3. Capability inventory: The skill is limited to text generation/formatting for SKILL.md files. 4. Sanitization: None specified. While this creates a theoretical surface for prompt injection, the risk is negligible (INFO) because the skill's only output is text and it lacks the permissions to execute instructions contained within the excerpts.
Audit Metadata