ask-skill-capture
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it extracts 'lessons' from the recent conversation history.
- Ingestion points: Processes the last 10-20 turns of conversation history (README.md, SKILL.md).
- Boundary markers: Absent; there are no specific delimiters to prevent the agent from mistaking malicious instructions in the chat history for valid 'patterns' or 'constraints'.
- Capability inventory: The skill has the capability to write files to the local filesystem at .agent/skills/<skill-name>/SKILL.md.
- Sanitization: No explicit sanitization or filtering of the extracted content is performed before saving, although the process requires a user confirmation step ('Step 4: Review & Save') which acts as a manual checkpoint.
- Data Exposure (SAFE): While the skill writes to the filesystem, the pathing is restricted to a specific subdirectory (.agent/skills/), and there is no evidence of data exfiltration or access to sensitive files like SSH keys or environment variables.
Audit Metadata