humanizer
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [External Downloads] (MEDIUM): The installation instructions recommend using
git cloneto download the skill from an untrusted GitHub repository (github.com/blader/humanizer.git). Because the author/organization is not part of the defined trusted sources, the repository's contents (specifically theSKILL.mdfile and any possible scripts) are unverifiable and could contain malicious logic. - [Indirect Prompt Injection] (LOW): The skill is designed to ingest and process arbitrary user-provided text to "humanize" it. This creates a surface for indirect prompt injection where an attacker could embed instructions within the text to manipulate the agent's behavior.
- Ingestion points: Text input via the
/humanizercommand or direct requests to humanize text. - Boundary markers: None documented in the README to differentiate between instructions and data.
- Capability inventory: The README suggests the skill performs text transformation (rewriting); it does not explicitly document dangerous capabilities like file writing or network access, though these might exist in the unreviewed
SKILL.md. - Sanitization: No input sanitization or validation methods are mentioned.
Audit Metadata