skills/pedronauck/skills/pitch-gen/Gen Agent Trust Hub

pitch-gen

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE
PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill interpolates user-provided text directly into an LLM prompt in src/index.ts.
      • Ingestion points: The idea argument provided via the CLI in src/cli.ts.
      • Boundary markers: None present; user input is appended directly to the end of the prompt.
      • Capability inventory: The skill has the capability to write files to the local file system.
      • Sanitization: None present; the input is passed directly to the OpenAI API.
  • [COMMAND_EXECUTION]: The CLI allows users to specify an output file path via the -o or --output flag in src/cli.ts. The tool uses fs.writeFileSync to write generated content to this path. While there is no path validation (allowing for potential overwriting of system files if misused), this is a standard functional feature of a CLI utility and does not appear to be malicious.
  • [SAFE]: All identified dependencies (commander, openai, ora) are standard, reputable packages sourced from the official NPM registry. No suspicious network activity or code obfuscation was detected.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 18, 2026, 01:53 AM