making-waffles
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [SAFE]: No security issues were detected in the analyzed files. The skill operates entirely through natural language instructions to the AI agent and does not utilize any external tools or permissions.\n- [NO_CODE]: The skill package is comprised strictly of Markdown documentation (README.md, SKILL.md, _MAP.md). There are no scripts, binaries, or configuration files that would result in code execution.\n- [PROMPT_INJECTION]: The skill defines a surface for indirect prompt injection by processing user-provided 'post text'. However, this is assessed as safe because the skill has no functional capabilities (no network, file, or command access) that an injection could exploit.\n
- Ingestion points: User-supplied post text processed in the 'Generation Process' section of SKILL.md.\n
- Boundary markers: Absent; there are no explicit delimiters or instructions to ignore embedded commands in the input text.\n
- Capability inventory: None; the skill does not request or use any agent tools.\n
- Sanitization: None; the input text is processed directly as text for the LLM.
Audit Metadata