create-partner

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality of ingesting and processing untrusted external data.
  • Ingestion points: External chat logs (TXT/JSON), emails (.eml/.mbox), and screenshots are ingested via tools/chat_parser.py and tools/email_parser.py.
  • Boundary markers: Analysis of the scripts and prompt templates (e.g., prompts/persona_builder.md, prompts/relationship_health.md) reveals an absence of explicit boundary markers or instructions to ignore embedded commands within the processed data.
  • Capability inventory: The skill has access to powerful tools including Bash, Write, Edit, and Read across all its operations.
  • Sanitization: There is no evidence of sanitization or filtering to remove potential instructions from the ingested text before it is processed by the model.
  • [COMMAND_EXECUTION]: The skill architecture relies on the Bash tool to execute a suite of local Python scripts (e.g., state_engine.py, policy_selector.py, counterfactual_engine.py) which handle the mathematical modeling and logic. While the scripts are packaged with the skill and do not perform network operations, the reliance on shell execution alongside file modification permissions constitutes a high-privilege environment.
  • [EXTERNAL_DOWNLOADS]: The documentation and installation instructions reference cloning from GitHub. These are standard installation procedures from a well-known service and do not represent a security risk.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 9, 2026, 04:23 AM