Best-Practice Creator

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests data from external SKILL.md files and existing documentation to generate new content. This establishes an indirect prompt injection surface where malicious instructions embedded in those external files could potentially influence the agent's output or behavior during the workflow.
      • Ingestion points: Reads metadata from skills/*/SKILL.md and existing content from _opensquad/core/best-practices/*.md.
      • Boundary markers: The instructions do not define explicit boundary markers or delimiters to separate untrusted ingested data from the core system prompt.
      • Capability inventory: The skill performs local file read and write operations for documentation files (.md, .yaml) within its project directory structure.
      • Sanitization: There is no requirement or guidance for the agent to sanitize or escape the content extracted from external files before it is incorporated into new documentation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 18, 2026, 08:16 PM