heal-skill
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
PROMPT_INJECTION
NO_CODE
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection vulnerability surface identified.
- Ingestion points: The skill reads `SKILL.md` and `config.json` files from other skills in the library to perform diagnostics (Checks S1-I5).
- Boundary markers: The skill uses Markdown code blocks to wrap diff previews and health reports, which provides some structural separation between scanned content and agent instructions.
- Capability inventory: The skill description indicates capabilities for file reading, YAML/JSON parsing, and file writing (via the Auto-Fix Protocol).
- Sanitization: While the skill performs specific regex-based cleaning (e.g., stripping XML tags from descriptions in check S6), it lacks a general sanitization layer for arbitrary text read from other skills' bodies.
- [NO_CODE]: No executable scripts (Python, Node.js, etc.) were provided with the skill. The analysis is based on the instructions and protocols defined in the markdown files.
Audit Metadata