skill-review
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides a framework for reviewing and optimizing skill performance. Analysis of the markdown body and reference patterns confirms it contains no executable code, network operations, or sensitive data access.\n- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface as it analyzes untrusted conversation data (Ingestion points: SKILL.md Step 2). It lacks boundary markers and sanitization for external content. However, because its capabilities are limited to documentation generation (Capability inventory: No subprocess/eval calls), the risk is negligible and assessed as safe.\n- [COMMAND_EXECUTION]: The skill documentation refers to the 'tn' (TaskNotes) CLI for diagnostic purposes. These commands (e.g., 'tn --help') are intended for manual or verified use in troubleshooting tools by the same author (oldwinter) and do not represent a security risk.
Audit Metadata