thinktank
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill executes the
thinktankcommand to perform multi-model synthesis. This command execution is the primary purpose of the skill and does not appear to involve shell injection or privilege escalation.\n- PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection through the analysis of external files.\n - Ingestion points: Untrusted data is ingested through the
$FILES(file contents) and$ARGUMENTS(user query) parameters.\n - Boundary markers: The workflow does not define delimiters or protective instructions (e.g., 'ignore embedded instructions') when writing the query and file context to
/tmp/thinktank-query.md.\n - Capability inventory: The skill possesses the capability to execute shell commands (
thinktank) and read/write files in the local filesystem.\n - Sanitization: No escaping, validation, or filtering of the external file content is performed before it is passed to the models for synthesis.
Audit Metadata