create-runbook
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it incorporates untrusted user data from the 'topic' and 'service' arguments directly into generated markdown files and file paths.\n
- Ingestion points: The 'topic' and 'service' arguments are sourced directly from user input during invocation.\n
- Boundary markers: No delimiters or safety instructions are used to isolate user-provided data from the system's generation logic, allowing malicious input to potentially influence the output instructions.\n
- Capability inventory: The skill utilizes the 'Write' tool to create files and the 'Read', 'Glob', and 'Grep' tools to scan the filesystem for existing runbooks.\n
- Sanitization: There is no evidence of validation or sanitization for input strings before they are used in file path construction or content generation, which could facilitate path traversal attacks.
Audit Metadata