cw-critique
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE, PROMPT_INJECTION, NO_CODE
Full Analysis
- PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection because it ingests untrusted text from creative writing drafts and project documentation. Evidence:
  1. Ingestion points: Reads from user-provided draft sections, ./docs/voice-profile.md, and ./docs/structure.md.
  2. Boundary markers: Absent; there are no instructions to ignore embedded commands within the text being critiqued.
  3. Capability inventory: Authorized to use Read, Grep, Glob, Write, and Edit tools via SKILL.md.
  4. Sanitization: Absent; the skill does not validate or sanitize input text before processing.
- DATA_EXFILTRATION (SAFE): No network-enabled tools or exfiltration patterns were detected; the skill only accesses local documentation.
- REMOTE_CODE_EXECUTION (SAFE): No remote code execution patterns, external downloads, or runtime compilation techniques were identified.
- NO_CODE (SAFE): The skill consists only of instructional markdown and does not include any executable scripts or binary files.