cw
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection as it processes untrusted content from the web and user-provided drafts.
  - Ingestion points: WebFetch, WebSearch, and Read (user files).
  - Boundary markers: Absent; the prompt does not include delimiters or instructions to ignore embedded commands in the data.
  - Capability inventory: Bash, Write, Edit, and WebFetch.
  - Sanitization: Absent; content is used directly for critical analysis.
- COMMAND_EXECUTION (LOW): The inclusion of the Bash tool provides a significant capability surface that could be exploited if the agent is misled by indirect injections, despite instructions to treat art-as-code as expressive rather than functional.
- EXTERNAL_DOWNLOADS (LOW): The WebFetch and WebSearch tools allow the retrieval of content from unverified external sources, which is a primary entry point for untrusted data.
Audit Metadata