process-doc-generator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- Prompt Injection (LOW): The skill contains a vulnerability surface for indirect prompt injection (Category 8). \n
- Ingestion points: The skill ingest data from existing local notes to extract context and trial-and-error history (
SKILL.md, Step 3, Mode A). \n - Boundary markers: The instructions lack delimiters or 'ignore instruction' warnings to encapsulate the external data being processed. \n
- Capability inventory: The agent is empowered to create new markdown files and rename local image files based on the semantic content of the notes (
SKILL.md, Step 3, Mode A, items 4 and 5). \n - Sanitization: No input validation is specified to prevent malicious payloads in source notes from influencing file system operations.
Audit Metadata