create-hat-collection
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill generates YAML files containing instructions for other agents based on user input, which is a potential surface for indirect injection.
- Ingestion points: Phase 1 (Understand the Workflow) collects user-provided roles and process descriptions.
- Boundary markers: The output is structured in YAML blocks, but the skill lacks specific instructions for the agent to sanitize user input against prompt injection before embedding it in the generated
instructionsfield. - Capability inventory: The skill produces files in the
presets/directory. The documentation suggests these files can be executed by a local tool (ralph). - Sanitization: There is no explicit sanitization of user-provided text beyond structural YAML validation.
- [Command Execution] (SAFE): The skill references CLI commands (
cargo run,cargo test) within its documentation for the purpose of testing generated output. These are intended for user-initiated verification and do not represent autonomous or malicious execution.
Audit Metadata