shorts-writer
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to perform file system modifications by creating new directories and writing files based on user-provided input.
- Evidence: SKILL.md contains the instruction to "Create a new directory named after the topic inside the user's current working directory and save the script as a .md file inside it."
- Risk: Without sanitization of the 'topic' variable, this could potentially lead to directory traversal or writing files in unintended locations.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its style-absorption mechanism.
- Ingestion points: SKILL.md directs the agent to "read all files in the references/ directory" to absorb tone and structure.
- Boundary markers: There are no protective delimiters or instructions provided to distinguish between the style of the references and potential malicious instructions embedded within those files.
- Capability inventory: The agent possesses file-system write and directory-creation capabilities as defined in the SKILL.md output rules.
- Sanitization: No sanitization or validation is performed on the content of the reference files or the user-provided topic string.
Audit Metadata