writing-assistant
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: LOWPROMPT_INJECTIONNO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to process untrusted user-provided text, creating an attack surface for indirect instructions.
- Ingestion points: The skill reads user text and user instructions (SKILL.md, Instructions 1 and 3).
- Boundary markers: Absent. There are no defined delimiters (e.g., triple backticks or XML tags) to distinguish between data to be edited and potential malicious instructions.
- Capability inventory: Minimal. The skill performs text transformation and does not have access to file systems, network operations, or shell execution.
- Sanitization: Absent. No filtering or escaping is applied to the input text.
- [No Code Findings] (SAFE): The skill contains only metadata and natural language instructions. No scripts, binaries, or configuration files for package managers were found, precluding categories like Remote Code Execution or Privilege Escalation.
Audit Metadata