hooks-generator
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTIONNO_CODE
Full Analysis
- [Indirect Prompt Injection] (INFO): The skill is susceptible to indirect prompt injection via user-provided product and audience descriptions used during the discovery phase. \n
- Ingestion points: Required Information section (SKILL.md). \n
- Boundary markers: Absent. \n
- Capability inventory: Pure text generation and display; no file-system, network, or code execution tools. \n
- Sanitization: Absent. \n
- Risk: Negligible, as the skill lacks side-effect capabilities.\n- [External References] (LOW): The skill documentation includes a link to 'motionapp.com', an untrusted external domain. While the link is informational, it encourages interaction with a third-party source not verified within the trust scope.\n- [No Code] (SAFE): Analysis confirms the skill consists solely of markdown instructions and contains no scripts, binaries, or automated network operations.
Audit Metadata