boring-threads
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary function is text generation based on local markdown files. No obfuscation, direct prompt injection, or remote code execution vulnerabilities were identified.
- [SAFE]: No network activity or external data exfiltration patterns were detected. All network-related indicators (curl, wget, etc.) are absent.
- [SAFE]: File system interactions are restricted to reading from specific directories (
world-code/,content/hits/) and writing generated content tocontent/threads/, which is consistent with the skill's documented behavior. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests untrusted data from local files.
- Ingestion points: Reads from
world-code/*.mdandcontent/hits/threads/*.md(SKILL.md). - Boundary markers: None present. The content of these files is processed directly to influence the output style and topic selection.
- Capability inventory: The skill is limited to reading local text files and writing markdown files to a specific directory (
content/threads/). It lacks network access, shell execution, or sensitive data access capabilities. - Sanitization: No explicit sanitization or instruction-filtering is performed on the content read from external files.
Audit Metadata