de-ai-flavor
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted text from external documents to perform rewrites and edits.
- Ingestion points: The skill utilizes the 'Read', 'Grep', and 'Glob' tools to ingest data from user-provided file paths (e.g., 'docs/*.md') and git diff outputs.
- Boundary markers: There are no specific delimiters or 'ignore embedded instructions' markers defined in 'SKILL.md' to isolate the text being processed.
- Capability inventory: The skill has the 'Edit' capability, which allows it to modify the local filesystem based on potentially malicious instructions embedded in the ingested content.
- Sanitization: No sanitization, validation, or filtering logic is specified for the input text before the agent is instructed to 'Rewrite' or 'Simplify' it.
- [NO_CODE]: The skill does not contain any executable scripts, binary files, or remote dependencies, relying entirely on the agent's internal reasoning and standard filesystem tools.
Audit Metadata