style-writer
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the style-dna.md input files it is designed to analyze.
- Ingestion points: The agent reads and internalizes the content of style-dna.md or other DNA files in Phase 1 to guide its writing process.
- Boundary markers: There are no explicit delimiters or instructions provided to the agent to distinguish between style metrics and potentially malicious embedded instructions within the DNA file.
- Capability inventory: The skill utilizes the Write and Edit tools, which could be leveraged to perform unintended actions if the agent follows injected instructions.
- Sanitization: No validation or filtering is performed on the input file content before the agent processes it.
- [COMMAND_EXECUTION]: Phase 4 instructions direct the agent to 'Use Python or manual counting to measure your draft.' While not inherently malicious, this encourages the use of a computational tool that is not explicitly listed in the allowed-tools configuration section of the YAML frontmatter.
Audit Metadata