personal-essay-editor
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill architecture creates a vulnerability by combining untrusted content processing with filesystem modification tools. Ingestion points: Processes arbitrary text provided for editing as specified in SKILL.md. Boundary markers: No delimiters or safety instructions are used to separate user data from agent instructions. Capability inventory: The allowed-tools (Read, Edit, Write) permit the agent to modify files based on instructions found within the input. Sanitization: No input validation or filtering is present to catch embedded command patterns.
- [Metadata Poisoning] (LOW): The skill references internal files (orwell.md and word-choices.md) that are missing from the provided package, which could lead to agent hallucination or functional failure.
Recommendations
- AI detected serious security threats
Audit Metadata