dragonruby
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates the ingestion of external data through file reads and network requests, creating a surface for indirect prompt injection. * Ingestion points:
args.gtk.read_file,args.gtk.http_get, andargs.gtk.parse_json_fileinSKILL.md. * Boundary markers: None identified in the provided documentation. * Capability inventory: File system writes viaargs.gtk.write_file, text rendering to labels, and development console interaction viaGTK.console.set_command. * Sanitization: No explicit sanitization or validation of external data is demonstrated in the examples. - [EXTERNAL_DOWNLOADS]: The skill documents the use of
args.gtk.http_getto retrieve remote resources from external URLs, which is a standard feature for the documented engine.
Audit Metadata