extract-skill
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): Vulnerable to Indirect Prompt Injection (Category 8).
  - Ingestion points: The skill ingests the current conversation history and existing `SKILL.md` files as data sources.
  - Boundary markers: Absent. The instructions do not specify any delimiters or warnings to ignore embedded malicious instructions within the conversation being distilled.
  - Capability inventory: The skill has the capability to write and update files in `~/.cursor/skills/` and `.cursor/skills/` (Phase 5: Write and Verify).
  - Sanitization: Absent. There is no validation or sanitization of the distilled content to ensure it does not contain malicious agent instructions.
- DATA_EXPOSURE (SAFE): While the skill accesses the user's home directory (`~/.cursor/skills/`), this is limited to the skill's primary stated purpose of managing agent behaviors and does not involve unauthorized sensitive file access or exfiltration.