Skills
skills/ship-studio/saul-goodman-lawyer-template/onboarding/Gen Agent Trust Hub

onboarding

Pass

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill identifies a vulnerability surface where untrusted user input is ingested and written to a persistent file (SITE.md) without sanitization or boundary markers.
  • Ingestion points: User responses to business, audience, and brand personality questions are collected via conversation (SKILL.md).
  • Boundary markers: Absent. User input is directly interpolated into Markdown templates in the generated SITE.md file.
  • Capability inventory: The skill utilizes file-writing capabilities to create and maintain SITE.md.
  • Sanitization: Absent. There is no escaping or validation of user-provided strings (e.g., business names or taglines) before they are committed to the filesystem.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 21, 2026, 05:46 PM