asset-refiner
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface (Category 8) by processing untrusted data from project records.\n
- Ingestion points: Processes content from the active document or user-selected text (SKILL.md, Phase 1).\n
- Boundary markers: Absent. The skill does not use delimiters or boundary markers to isolate user-provided content from its internal instructions.\n
- Capability inventory: The agent has the capability to write new Markdown files and modify file metadata in specified local directories (SKILL.md, Phase 3.2).\n
- Sanitization: Absent. While the skill performs 'context stripping' for content refinement, it lacks security-focused sanitization or validation to prevent the execution of instructions embedded within the processed notes.
Audit Metadata