vibe-writing
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- Indirect Prompt Injection (LOW): The skill features an attack surface for indirect prompt injection as it processes untrusted user input to generate structured documents.
  - Ingestion points: User dialogue provided during the 'Learning' and 'Writing' phases (defined in `SKILL.md` and `references/learning-guide.md`).
  - Boundary markers: Absent; user-provided text is directly interpolated into card and article templates without delimiters to prevent instruction confusion.
  - Capability inventory: The skill writes and organizes markdown files within a local project directory structure (`SKILL.md`).
  - Sanitization: None; user input is captured and preserved to maintain the 'user's voice'.
  - Assessment: The risk is classified as LOW because the skill possesses no high-privilege capabilities such as network access, arbitrary code execution, or access to sensitive system files. The impact is limited to the content of the generated documents.
- General Security (SAFE): No instances of obfuscation, remote code execution, persistence mechanisms, or credential exposure were found. The skill's behavior aligns with its stated purpose of document management and creative assistance.
Audit Metadata