Skills
skills/philoserf/claude-code-setup/editing-assistant/Gen Agent Trust Hub

editing-assistant

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill is designed to ingest untrusted data from markdown files using the Read and Glob tools. It lacks boundary markers to distinguish content from potential instructions, creating a risk if the agent is told to 'Apply edits directly without seeking approval'.\n
  • Ingestion points: Read, Grep, and Glob tools are used to load external markdown files like README.md.\n
  • Boundary markers: Absent; no directives (like XML tags or 'ignore' warnings) are provided to isolate the content being edited from the agent's instructions.\n
  • Capability inventory: Edit tool for filesystem modification and WebSearch for network access.\n
  • Sanitization: No sanitization or verification of the content is performed before processing.\n- Command Execution (LOW): Section 5 instructs the agent to 'Run markdownlint ' to identify and fix errors.\n
  • Evidence: Manual instructions to execute shell-level commands for linting.\n
  • Risk: While markdownlint is a standard utility, the execution of commands on user-controlled files is a sensitive capability. The severity is lowered as it is the primary intended purpose of the skill.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:34 PM