Proposal Writer
Pass
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: LOWPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- Prompt Injection (LOW): Indirect Prompt Injection Surface. The skill incorporates untrusted user data into its output prompts without utilizing boundary markers or sanitization. Ingestion points: User input for project descriptions and business needs (SKILL.md). Boundary markers: Absent. Capability inventory: Text generation/display only. Sanitization: Absent.
- External Downloads (LOW): The skill documentation promotes unverified third-party content. It links to an untrusted domain (afrexai-cto.github.io) for 'context packs' and lists several other skills for installation via the 'clawhub' manager (README.md, SKILL.md).
Audit Metadata