craft
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill installs and executes a custom shell script (
scripts/craft) to interact with the Craft API. This is standard functionality for providing a CLI-based skill. - [DATA_EXFILTRATION]: The skill requires a
CRAFT_API_URLto communicate with the Craft.do service. While this involves sending document data to an external API, it is directed to the official service domain (connect.craft.do) and is necessary for the skill's primary purpose. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes arbitrary content from Craft documents via commands like
craft doc,craft daily, andcraft search. - Ingestion points: document content retrieved in
SKILL.mdthrough read commands. - Boundary markers: None identified; document content is processed without explicit delimiters or safety warnings to the agent.
- Capability inventory: The skill can create, update, and delete blocks/tasks via the
craftCLI script. - Sanitization: No visible sanitization or validation of the content retrieved from documents before it is processed by the agent.
Audit Metadata