writing-style
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE PROMPT_INJECTION NO_CODE
Full Analysis
- Indirect Prompt Injection (LOW): The skill ingests untrusted text for rewriting without employing strict boundary markers or sanitization. This creates a surface for indirect prompt injection where the input text could attempt to influence agent behavior. However, the risk is minimal because the skill lacks dangerous capabilities like network access or filesystem modifications.
  1. Ingestion points: Input text provided via the /my-style command or natural language triggers defined in SKILL.md.
  2. Boundary markers: None identified in the prompt templates.
  3. Capability inventory: The skill is limited to text output and has no access to subprocesses, networking, or file writing.
  4. Sanitization: No input sanitization or escaping logic is present.
- No Executable Code (SAFE): Analysis of the skill files (SKILL.md, README.md, command/my-style.md, references/my-style.md) confirms there are no scripts, binaries, or automated installation hooks that execute code on the host system.
- Data Privacy (SAFE): The installation guide in README.md encourages users to export personal messages from Gmail, WhatsApp, and Slack to build a style profile. While this is an intended function, it involves placing sensitive personal data into the AI's context, which is a privacy consideration for the user rather than a technical vulnerability in the skill itself.