argument-builder
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from project files and user notes without explicit sanitization or boundary markers.
  * Ingestion points: The skill reads from project.yaml, contribution-profile.md, and various literature synthesis files.
  * Boundary markers: There are no instructions to use delimiters or ignore instructions within the ingested text.
  * Capability inventory: The agent has permissions to write multiple output files and execute git commands.
  * Sanitization: The content from external files is used directly in the drafting process without validation.
- [COMMAND_EXECUTION]: The skill utilizes shell commands to manage versioning through git. It is instructed to run 'git add' and 'git commit' on its output files. This capability could be exploited if malicious content influences the shell execution environment or the paths provided to the command.
Audit Metadata