lib-distill
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes untrusted data (source code) to generate instructions for new skills.
  - Ingestion points: Source files are read during Phase 1.3 and Phase 2.1 from a user-provided directory path.
  - Boundary markers: The skill lacks explicit boundary markers or instructions to ignore embedded commands when processing source code chunks.
  - Capability inventory: The skill has the ability to read local files, create directories, and write persistent data to the .claude/skills/ directory.
  - Sanitization: No sanitization or safety filtering is applied to the extracted code logic before it is synthesized into the final skill package.
Audit Metadata