ljg-relationship
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection. Ingestion point: Untrusted data enters the agent context when users provide stories about their relationships (Step 1). Boundary markers: Delimiters or 'ignore embedded instructions' warnings are absent. Capability inventory: The skill has the capability to write this information into local files at '~/Documents/notes/' and execute the 'date' shell command (Step 6). Sanitization: No explicit sanitization, escaping, or filtering of user-supplied content is mentioned, which could allow maliciously crafted input to influence file content or paths.
- [COMMAND_EXECUTION]: The skill triggers the execution of the 'date' shell command to generate timestamps for file naming. It also performs file system write operations to save relationship analyses in the '~/Documents/notes/' directory. These capabilities are used for core skill functionality but involve direct interaction with the host environment.
Audit Metadata