btw
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: An indirect prompt injection surface exists where user-provided suggestions are stored and later utilized as input for the 'skill-create' workflow via the '/btw promote' command. This could allow maliciously crafted suggestions to influence the behavior or configuration of newly created skills.
- Ingestion points: User input provided to the '/btw {suggestion}' command and stored in the '.bkit/btw-suggestions.json' file.
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the processing logic.
- Capability inventory: The skill has access to file system tools (Read, Write, Edit, Glob, Grep, Bash) and can trigger external workflows.
- Sanitization: No validation, filtering, or escaping of user-provided content is performed before it is passed to subsequent agent actions.
Audit Metadata