autohotkey-v2-gui

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOW
PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill provides code patterns for ingesting local file names and paths without sanitization or boundary markers. This creates a potential surface for indirect injection where malicious file names could influence the agent's reasoning if it processes the resulting data.
    • Ingestion points: Loop Files command in SKILL.md used for populating ListViews and string concatenation.
    • Boundary markers: Absent; file metadata is interpolated directly into strings and UI controls.
    • Capability inventory: GUI display (ListView.Add, MsgBox), memory management, and script termination (ExitApp).
    • Sanitization: None provided; the snippets assume trusted file system metadata.
  • [Data Exposure] (LOW): The performance optimization documentation includes an example of recursive traversal of the system root (C:\). While used to demonstrate string handling, it encourages exposing the host's complete directory structure to the agent.
    • Evidence: Loop Files, "C:\*.*", "R" in SKILL.md (Performance Optimization section).
Audit Metadata
Risk Level: LOW
Analyzed: Feb 16, 2026, 09:44 AM